summary refs log tree commit diff
path: root/synapse/crypto (follow)
Commit message (Expand)AuthorAgeFilesLines
* Revert "Revert accidental fast-forward merge from v1.49.0rc1"Olivier Wilkinson (reivilibre)2021-12-141-11/+19
* Revert accidental fast-forward merge from v1.49.0rc1Sean Quah2021-12-071-19/+11
* Fix perspectives requests for multiple keys for the same server (#11440)Richard van der Hoff2021-11-291-11/+19
* Fix verification of objects signed with old local keys (#11379)Richard van der Hoff2021-11-191-28/+41
* Fetch verify key locally rather than trying to do so over federation if origi...Shay2021-10-281-29/+45
* Add missing type hints to synapse.crypto. (#11146)Patrick Cloke2021-10-213-18/+32
* Use direct references for configuration variables (part 5). (#10897)Patrick Cloke2021-09-241-2/+2
* Use direct references for some configuration variables (part 2) (#10812)Patrick Cloke2021-09-152-5/+5
* Use inline type hints in various other places (in `synapse/`) (#10380)Jonathan de Jong2021-07-151-9/+11
* When joining a remote room limit the number of events we concurrently check s...Erik Johnston2021-06-081-34/+12
* Rewrite the KeyRing (#10035)Erik Johnston2021-06-021-375/+267
* Add `Keyring.verify_events_for_server` and reduce memory usage (#10018)Erik Johnston2021-05-201-10/+88
* remove `HomeServer.get_config` (#9815)Richard van der Hoff2021-04-141-1/+1
* Remove redundant "coding: utf-8" lines (#9786)Jonathan de Jong2021-04-143-3/+0
* Enable addtional flake8-bugbear linting checks. (#9659)Jonathan de Jong2021-03-241-1/+1
* Import HomeServer from the proper module. (#9665)Patrick Cloke2021-03-231-1/+1
* Enable flake8-bugbear, but disable most checks. (#9499)Jonathan de Jong2021-03-161-1/+1
* Cache config options in SSL verification (#9255)Erik Johnston2021-01-281-4/+9
* Add type hints to the crypto module. (#8999)Patrick Cloke2021-01-043-98/+139
* Apply an IP range blacklist to push and key revocation requests. (#8821)Patrick Cloke2020-12-021-2/+2
* Fix typos and spelling errors. (#8639)Patrick Cloke2020-10-231-1/+1
* Fix occasional "Re-starting finished log context" from keyring (#8398)Richard van der Hoff2020-09-251-26/+44
* Add a comment re #1691Richard van der Hoff2020-09-211-1/+5
* Simplify super() calls to Python 3 syntax. (#8344)Patrick Cloke2020-09-181-2/+2
* Stop sub-classing object (#8249)Patrick Cloke2020-09-042-8/+8
* Do not assume calls to runInteraction return Deferreds. (#8133)Patrick Cloke2020-08-201-4/+3
* Add a comment about SSLv23_METHOD (#8043)Richard van der Hoff2020-08-071-0/+8
* Convert the crypto module to async/await. (#8003)Patrick Cloke2020-08-031-109/+92
* Convert federation client to async/await. (#7975)Patrick Cloke2020-07-301-28/+32
* Replace all remaining six usage with native Python 3 equivalents (#7704)Dagfinn Ilmari Mannsåker2020-06-161-4/+2
* Clean up some LoggingContext stuff (#7120)Richard van der Hoff2020-03-241-2/+2
* Share SSL contexts for non-federation requests (#7094)Richard van der Hoff2020-03-171-24/+44
* Remove special auth and redaction rules for aliases events in experimental ro...Patrick Cloke2020-03-091-1/+1
* Clarify list/set/dict/tuple comprehensions and enforce via flake8 (#6957)Patrick Cloke2020-02-211-4/+2
* pass room_version into compute_event_signature (#6807)Richard van der Hoff2020-01-311-8/+20
* Pass room_version into add_hashes_and_signaturesRichard van der Hoff2020-01-301-7/+13
* Fix some test failures when frozen_dicts are enabled (#6642)Richard van der Hoff2020-01-061-3/+6
* Fix exception when fetching notary server's old keys (#6625)Richard van der Hoff2020-01-061-6/+7
* Don't encode object as UTF-8 string if not needed.Michael Kaye2019-10-241-2/+4
* Fix well-known lookups with the federation certificate whitelist (#5997)Amber Brown2019-09-141-13/+13
* Remove unnecessary parentheses around return statements (#5931)Andrew Morgan2019-08-301-2/+2
* Merge pull request #5895 from matrix-org/erikj/notary_keyErik Johnston2019-08-271-9/+2
|\
| * Fixup review commentsErik Johnston2019-08-231-2/+2
| * Only sign when we respond to remote key requestsErik Johnston2019-08-211-10/+1
| * Add config option for keys to use to sign keysErik Johnston2019-08-211-5/+7
* | Improve error msg when key-fetch fails (#5896)Richard van der Hoff2019-08-221-5/+7
|/
* Share SSL options for well-known requestsErik Johnston2019-07-311-0/+8
* Replace returnValue with return (#5736)Amber Brown2019-07-231-7/+7
* Add a delay to key lookup lock release to fix stack overflowRichard van der Hoff2019-07-191-2/+8
* Refactor Keyring._start_key_lookupsRichard van der Hoff2019-07-191-51/+35
* Move logging utilities out of the side drawer of util/ and into logging/ (#5606)Amber Brown2019-07-041-7/+8
* Update the TLS cipher string and provide configurability for TLS on outgoing ...Amber Brown2019-06-281-6/+33
* Run Black. (#5482)Amber Brown2019-06-202-33/+17
* Merge pull request #5417 from matrix-org/rav/shared_ssl_contextErik Johnston2019-06-101-74/+106
|\
| * rename gutwrenched attrRichard van der Hoff2019-06-101-5/+9
| * Fix federation connections to literal IP addressesRichard van der Hoff2019-06-101-5/+8
| * clean up impl, and import idna directlyRichard van der Hoff2019-06-101-15/+11
| * Share an SSL context object between SSL connectionsRichard van der Hoff2019-06-091-60/+89
* | Improve startup checks for insecure notary configs (#5392)Richard van der Hoff2019-06-101-7/+0
|/
* Stop hardcoding trust of old matrix.org key (#5374)Richard van der Hoff2019-06-061-35/+37
* Associate a request_name with each verify request, for loggingRichard van der Hoff2019-06-051-44/+68
* Clean up debug logging (#5347)Richard van der Hoff2019-06-052-5/+5
* Rename VerifyKeyRequest.deferred field (#5343)Richard van der Hoff2019-06-051-12/+12
* Don't do long retries when calling the key notary server. (#5334)Richard van der Hoff2019-06-041-1/+0
* Notary server: make requests to origins in parallelRichard van der Hoff2019-06-041-1/+9
* Don't bomb out on direct key fetches as soon as one failsRichard van der Hoff2019-06-041-22/+36
* Reduce timeout for outbound /key/v2/server requests.Richard van der Hoff2019-06-031-0/+13
* Enforce validity period on server_keys for fed requests. (#5321)Richard van der Hoff2019-06-031-56/+111
* Merge pull request #5307 from matrix-org/rav/server_keys/07-fix-notary-cache-...Richard van der Hoff2019-06-031-12/+2
|\
| * Stop overwriting server keys with other keysRichard van der Hoff2019-05-311-12/+2
* | Merge remote-tracking branch 'origin/develop' into rav/server_keys/05-rewrite...Richard van der Hoff2019-05-311-41/+28
|\|
| * Remove some pointless exception handlingRichard van der Hoff2019-05-301-25/+8
| * use attr.s for VerifyKeyRequestRichard van der Hoff2019-05-301-17/+21
* | Rewrite get_server_verify_keys, again.Richard van der Hoff2019-05-301-48/+53
|/
* Merge pull request #5251 from matrix-org/rav/server_keys/01-check_sigRichard van der Hoff2019-05-281-41/+92
|\
| * Improve error handling/logging for perspectives-key fetching.Richard van der Hoff2019-05-241-28/+77
| * Require sig from origin server on perspectives responsesRichard van der Hoff2019-05-231-13/+15
* | Simplification to Keyring.wait_for_previous_lookups. (#5250)Richard van der Hoff2019-05-241-7/+4
|/
* Factor out KeyFetchers from KeyRingRichard van der Hoff2019-05-231-140/+175
* Store key validity time in the storage layerRichard van der Hoff2019-05-231-14/+33
* Simplify process_v2_response (#5236)Richard van der Hoff2019-05-231-21/+29
* Remove unused VerifyKey.expired and .time_added fields (#5235)Richard van der Hoff2019-05-231-3/+0
* Rewrite store_server_verify_key to store several keys at once (#5234)Richard van der Hoff2019-05-231-45/+14
* Run black on synapse.crypto.keyring (#5232)Richard van der Hoff2019-05-221-149/+137
* remove extraneous exception loggingRichard van der Hoff2019-04-251-16/+32
* Clarify logging when PDU signature checking failsRichard van der Hoff2019-04-251-3/+1
* Config option for verifying federation certificates (MSC 1711) (#4967)Andrew Morgan2019-04-251-6/+27
* Remove periods from copyright headers (#5046)Andrew Morgan2019-04-111-1/+1
* Rewrite Datastore.get_server_verify_keysRichard van der Hoff2019-04-091-21/+17
* Remove redundant merged_keys dictRichard van der Hoff2019-04-081-8/+5
* Fix from_server buglet in get_keys_from_perspectivesRichard van der Hoff2019-04-081-1/+1
* Hoist server_name check out of process_v2_responseRichard van der Hoff2019-04-041-13/+7
* Clean up Keyring.process_v2_responseRichard van der Hoff2019-04-041-23/+46
* Correctly log expected errors when fetching server keysErik Johnston2019-03-111-2/+2
* raise_from already raisesErik Johnston2019-02-251-4/+4
* Handle errors when fetching remote server keysErik Johnston2019-02-231-21/+51
* fix to use makeContext so that we don't need to rebuild the certificateoption...Amber Brown2019-02-191-8/+6
* Correctly handle RequestSendFailed exceptionsErik Johnston2019-02-141-2/+2
* Don't create server contexts when TLS is disabledRichard van der Hoff2019-02-111-3/+1
* Make add_hashes_and_signatures operate on dictsErik Johnston2019-01-291-10/+6
* Refactor event signing to work on dictsErik Johnston2019-01-281-30/+69
* Don't send IP addresses as SNI (#4452)Richard van der Hoff2019-01-241-3/+12
* Make key fetches use regular federation client (#4426)Richard van der Hoff2019-01-222-172/+7
* Require ECDH key exchange & remove dh_params (#4429)Amber Brown2019-01-221-2/+4
* Remove fetching keys via the deprecated v1 kex method (#4120)Amber Brown2018-10-312-106/+12
* Fix a number of flake8 errorsRichard van der Hoff2018-10-241-1/+1
* Merge pull request #3826 from matrix-org/rav/logging_for_keyringAmber Brown2018-09-121-6/+18
|\
| * add some logging for the keyring queueRichard van der Hoff2018-09-061-6/+18
* | Port crypto/ to Python 3 (#3822)Amber Brown2018-09-123-6/+13
|/
* Don't log exceptions when failing to fetch server keysErik Johnston2018-08-211-2/+6
* more generic conversion of str/bytes to unicodeJeroen2018-08-091-1/+1
* include private functions from twistedJeroen2018-08-091-2/+35
* updated docstring for ServerContextFactoryJeroen2018-08-081-1/+1
* fix isortJeroen2018-07-291-2/+3
* fix accidental removal of hsJeroen2018-07-271-1/+1
* Merge remote-tracking branch 'upstream/develop' into send_sni_for_federation_...Jeroen2018-07-143-32/+36
|\
| * run isortAmber Brown2018-07-094-35/+39
* | Merge branch 'develop' into send_sni_for_federation_requestsJeroen2018-07-091-1/+1
|\|
| * Attempt to be more performant on PyPy (#3462)Amber Brown2018-06-281-1/+1
* | take idna implementation from twistedJeroen2018-06-261-2/+2
* | allow self-signed certificatesJeroen2018-06-261-23/+35
* | formatting changes for pep8Jeroen2018-06-251-2/+2
* | send SNI for federation requestsJeroen2018-06-243-5/+37
|/
* Try to log more helpful info when a sig verification failsRichard van der Hoff2018-06-081-6/+25
* Fixes #3135 - Replace _OpenSSLECCurve with crypto.get_elliptic_curve (#3157)Will Hunt2018-04-301-4/+5
* Merge remote-tracking branch 'origin/develop' into rav/use_run_in_backgroundRichard van der Hoff2018-04-271-45/+48
|\
| * Improve exception handling for background processesRichard van der Hoff2018-04-271-45/+48
* | Use run_in_background in preference to preserve_fnRichard van der Hoff2018-04-271-11/+17
|/
* Use str(e) instead of e.messageAdrian Tschira2018-04-151-4/+4
* Fix 500 when joining matrix-devRichard van der Hoff2017-11-291-3/+10
* replace 'except:' with 'except Exception:'Richard van der Hoff2017-10-233-3/+3
* Merge branch 'develop' into developRichard van der Hoff2017-09-252-136/+166
|\
| * Fix logcontxt leak in keyclient (#2465)Richard van der Hoff2017-09-251-12/+5
| * Fix logcontext handling in verify_json_objects_for_serverRichard van der Hoff2017-09-201-8/+12
| * Turn _start_key_lookups into an inlineCallbacks functionRichard van der Hoff2017-09-201-40/+37
| * Fix potential race in _start_key_lookupsRichard van der Hoff2017-09-201-5/+8
| * Add some comments to _start_key_lookupsRichard van der Hoff2017-09-201-0/+8
| * Consistency for how verify_request.deferred is calledRichard van der Hoff2017-09-201-13/+17
| * Factor out _start_key_lookupsRichard van der Hoff2017-09-201-7/+17
| * Replace `server_and_json` with `verify_requests`Richard van der Hoff2017-09-201-3/+3
| * pull out handle_key_deferred to top levelRichard van der Hoff2017-09-201-43/+44
| * Fix incorrect key_ids in error messageRichard van der Hoff2017-09-201-1/+1
| * Fix concurrent server_key requests (#2458)Richard van der Hoff2017-09-191-1/+3
| * Clean up and document handling of logcontexts in Keyring (#2452)Richard van der Hoff2017-09-181-28/+36
* | Fix iteration of requests_missing_keys; list doesn't have .values()Kenny Keslar2017-07-261-1/+1
|/
* Merge pull request #2050 from matrix-org/rav/federation_backoffRichard van der Hoff2017-03-231-23/+16
|\
| * push federation retry limiter down to matrixfederationclientRichard van der Hoff2017-03-231-23/+16
* | fix up some key verif docstringsRichard van der Hoff2017-03-211-2/+21
|/
* Add some debug to help diagnose weird federation issueRichard van der Hoff2017-03-201-1/+8
* Preserve some logcontextsErik Johnston2016-08-241-18/+18
* Update keyring MeasureErik Johnston2016-08-191-85/+85
* Measure keyringsErik Johnston2016-08-191-34/+36
* Don't print stack traces when failing to get remote keysErik Johnston2016-08-101-12/+16
* Merge branch 'erikj/key_client_fix' of github.com:matrix-org/synapse into rel...Erik Johnston2016-07-281-3/+9
|\
| * Cache getPeerErik Johnston2016-07-211-2/+5
| * Set host not pathErik Johnston2016-07-211-1/+1
| * Send the correct host header when fetching keysErik Johnston2016-07-211-3/+6
* | Merge branch 'develop' into markjh/verifyMark Haines2016-07-271-2/+9
|\ \
| * \ Merge pull request #955 from matrix-org/markjh/only_from2Mark Haines2016-07-271-2/+9
| |\ \
| | * | Add a couple more checks to the keyringMark Haines2016-07-261-2/+9
| | |/
| * / Fix a couple of bugs in the transaction and keyring codeMark Haines2016-07-261-8/+9
| |/
* / Clean up verify_json_objects_for_serverMark Haines2016-07-271-68/+75
|/
* Uncommit accidentally commited edit to cipher listDavid Baker2016-05-101-1/+1
* Pass through _get_event_txnDavid Baker2016-05-101-1/+1
* Make key client send a Host headerErik Johnston2016-03-111-0/+3
* Fix up logcontextsErik Johnston2016-02-081-37/+46
* copyrightsMatthew Hodgson2016-01-075-5/+5
* Actually look up required remote server key IDsPaul "LeoNerd" Evans2015-12-181-1/+3
* Fix typoErik Johnston2015-11-201-1/+1
* Don't limit connections to perspective serversErik Johnston2015-11-201-21/+17
* Fix bug where we sometimes didn't fetch all the keys requested for aErik Johnston2015-09-171-4/+3
* Merge pull request #272 from matrix-org/daniel/insecureclientDaniel Wagner-Hall2015-09-151-2/+2
|\
| * Allow configuration to ignore invalid SSL certsDaniel Wagner-Hall2015-09-091-2/+2
* | Various bug fixes to crypto.keyringErik Johnston2015-09-091-10/+17
|/
* Remove syutil dependency in favour of smaller single-purpose librariesMark Haines2015-08-242-13/+14
* Merge pull request #194 from matrix-org/erikj/bulk_verify_sigsErik Johnston2015-07-101-131/+342
|\
| * Wait for previous attempts at fetching keys for a given server before trying ...Erik Johnston2015-06-261-15/+68
| * Implement bulk verify_signed_json APIErik Johnston2015-06-261-134/+292
* | remove the tls_certificate_chain_path param and simply support tls_certificat...Matthew Hodgson2015-07-091-3/+1
* | oops, context.tls_certificate_chain_file() expects a file, not a certificate.Matthew Hodgson2015-07-081-2/+2
* | typoMatthew Hodgson2015-07-081-1/+1
* | add new optional config for tls_certificate_chain_path for folks with interme...Matthew Hodgson2015-07-081-0/+2
|/
* Handle the case when things return empty but non none thingsErik Johnston2015-05-191-2/+2
* Don't always hit get_server_verify_key_v1_directErik Johnston2015-05-191-5/+10
* SYN-383: Actually, we expect this value to be a dictErik Johnston2015-05-191-1/+2
* SYN-383: Handle the fact the server might not have signed thingsErik Johnston2015-05-191-1/+1
* Don't reuse var namesErik Johnston2015-05-191-2/+2
* SYN-383: Fix parsing of verify_keys and catching of _DefGen_ReturnErik Johnston2015-05-191-18/+18
* SYN-383: Extract the response list from 'server_keys' in the response JSON as...Mark Haines2015-05-191-1/+3
* Merge pull request #143 from matrix-org/erikj/SYN-375Mark Haines2015-05-121-2/+6
|\
| * Change the way we create observers to deferreds so that we don't get spammed ...Erik Johnston2015-05-081-2/+6
* | Change the way we do logging contexts so that they survive divergencesErik Johnston2015-05-081-6/+11
|/
* Use a defer.gatherResults to collect results from the perspective serversMark Haines2015-04-291-11/+21
* Update the query format used by keyring to match current key v2 specMark Haines2015-04-291-1/+12
* Implement minimum_valid_until_ts in the remote key resourceMark Haines2015-04-291-0/+1
* Merge branch 'develop' into key_distributionMark Haines2015-04-271-0/+20
|\
| * Fix newlinesErik Johnston2015-04-271-2/+1
| * Pull inner function out.Erik Johnston2015-04-271-76/+77
| * Implement locks using create_observer for fetching media and server keysErik Johnston2015-04-271-59/+79
* | Add config for setting the perspective serversMark Haines2015-04-241-1/+5
* | Update to match the specification for key/v2Mark Haines2015-04-231-2/+2
* | Implement remote key lookup apiMark Haines2015-04-222-38/+43
* | Implement v2 key lookupMark Haines2015-04-201-17/+251
* | Fail quicker for 4xx responses in the key client, optional hit a different AP...Mark Haines2015-04-151-6/+31
|/
* Don't look for an TLS private key if we have set --no-tlsErik Johnston2015-03-061-1/+4
* Log error message when we fail to fetch remote server keysErik Johnston2015-03-051-2/+11
* Try to only back off if we think we failed to connect to the remoteErik Johnston2015-02-171-54/+54
* Add per server retry limiting.Erik Johnston2015-02-171-15/+7
* Rate limit retries when fetching server keys.Erik Johnston2015-02-171-55/+71
* Blunty replace json with simplejsonErik Johnston2015-02-111-1/+1
* Fix code-styleMark Haines2015-02-101-2/+2
* Fix bug in timeout handling in keyclientErik Johnston2015-01-301-3/+4
* Update copyright noticesMark Haines2015-01-065-5/+5
* Try and figure out how and why signatures are being changed.Erik Johnston2014-12-101-1/+2
* More bug fixesErik Johnston2014-12-081-1/+1
* Convert rest and handlers to use new event structureErik Johnston2014-12-041-1/+1
* WIP for new way of managing events.Erik Johnston2014-12-031-18/+21
* Merge branch 'develop' into http_client_refactorDavid Baker2014-11-202-3/+3
|\
| * Use module loggers rather than the root logger. Exceptions caused by bad clie...Mark Haines2014-11-201-1/+1
| * Add a few missing yields, Move deferred lists inside PreserveLoggingContext b...Mark Haines2014-11-201-2/+2
* | Separate out the matrix http client completely because just about all of its ...David Baker2014-11-201-3/+3
|/
* Merge PDUs and Events into one objectMark Haines2014-11-141-12/+3
* Fix PDU and event signaturesMark Haines2014-11-141-1/+10
* Validate signatures on incoming eventsMark Haines2014-11-141-4/+14
* Merge branch 'develop' into request_loggingMark Haines2014-11-141-0/+98
|\
| * Tidy up some of the unused sql tablesErik Johnston2014-11-101-2/+0
| * Finish redaction algorithm.Erik Johnston2014-11-101-5/+2
| * Add hash of current state to eventsErik Johnston2014-11-071-1/+10
| * Fix bugs in generating event signatures and hashingErik Johnston2014-11-031-62/+38
| * Don't assume event has hashes key alreadyErik Johnston2014-11-031-0/+2
| * Sign evnetsErik Johnston2014-10-311-0/+20
| * Make prev_event signing work again.Erik Johnston2014-10-311-1/+12
| * Merge branch 'develop' of github.com:matrix-org/synapse into federation_autho...Erik Johnston2014-10-304-5/+3
| |\
| * | fix pyflakes warningsMark Haines2014-10-271-4/+4
| * | Merge branch 'develop' into event_signingMark Haines2014-10-273-2/+5
| |\ \
| * | | Remove signatures from pdu when computing hashes to use for prev pdus, make s...Mark Haines2014-10-171-1/+5
| * | | Rename 'meta' to 'unsigned'Mark Haines2014-10-171-1/+3
| * | | Hash the same content covered by the signature when referencing previous PDUs...Mark Haines2014-10-171-5/+14
| * | | Sign outgoing PDUs.Mark Haines2014-10-161-2/+2
| * | | persist hashes and origin signatures for PDUsMark Haines2014-10-151-0/+70
* | | | Merge branch 'develop' into request_loggingMark Haines2014-10-304-5/+3
|\ \ \ \ | | |_|/ | |/| |
| * | | Fix pep8 warningsMark Haines2014-10-304-5/+3
| | |/ | |/|
* / | Add a request-id to each log lineMark Haines2014-10-301-4/+6
|/ /
* | Fix pyflakes warningsMark Haines2014-10-271-1/+0
* | Add log message if we can't enable ECC. Require pyopenssl>=0.14 since 0.13 do...Mark Haines2014-10-241-1/+4
* | add log line for checking verifying signaturesMark Haines2014-10-171-0/+1
|/
* Better response message when signature is missing or unsupportedMark Haines2014-10-131-1/+1
* Respond with more helpful error messages for unsigned requestsMark Haines2014-10-132-4/+33
* SYN-75 Verify signatures on server to server transactionsMark Haines2014-09-304-172/+154
* Add a _matrix/key/v1 resource with the verification keys of the local serverMark Haines2014-09-231-161/+0