OpenCloud
/
MatrixSynapse
mirror of https://github.com/matrix-org/synapse
1
0
Fork 0
Code Issues Releases Wiki Activity

Remove direct refeferences to PyNaCl (use signedjson instead). (#12902)

squah/faster_room_joins_handle_second_join_while_resyncing
Jacek Kuśnierz 2022-06-01 13:32:35 +02:00 committed by GitHub
parent 79dadf7216
commit 88193f2125
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 12 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/12902.misc Normal file
View File

@ -0,0 +1 @@
Remove PyNaCl occurrences directly used in Synapse code.

9
contrib/cmdclient/console.py
View File

@ -16,6 +16,7 @@
""" Starts a synapse client console. """ """ Starts a synapse client console. """
import argparse import argparse
import binascii
import cmd import cmd
import getpass import getpass
import json import json
@ -26,9 +27,8 @@ import urllib
from http import TwistedHttpClient from http import TwistedHttpClient
from typing import Optional from typing import Optional
import nacl.encoding
import nacl.signing
import urlparse import urlparse
from signedjson.key import NACL_ED25519, decode_verify_key_bytes
from signedjson.sign import SignatureVerifyException, verify_signed_json from signedjson.sign import SignatureVerifyException, verify_signed_json
from twisted.internet import defer, reactor, threads from twisted.internet import defer, reactor, threads
@ -41,7 +41,6 @@ TRUSTED_ID_SERVERS = ["localhost:8001"]
class SynapseCmd(cmd.Cmd): class SynapseCmd(cmd.Cmd):
"""Basic synapse command-line processor. """Basic synapse command-line processor.
This processes commands from the user and calls the relevant HTTP methods. This processes commands from the user and calls the relevant HTTP methods.
@ -420,8 +419,8 @@ class SynapseCmd(cmd.Cmd):
pubKey = None pubKey = None
pubKeyObj = yield self.http_client.do_request("GET", url) pubKeyObj = yield self.http_client.do_request("GET", url)
if "public_key" in pubKeyObj: if "public_key" in pubKeyObj:
pubKey = nacl.signing.VerifyKey( pubKey = decode_verify_key_bytes(
pubKeyObj["public_key"], encoder=nacl.encoding.HexEncoder NACL_ED25519, binascii.unhexlify(pubKeyObj["public_key"])
) )
else: else:
print("No public key found in pubkey response!") print("No public key found in pubkey response!")

2
poetry.lock generated
View File

@ -1563,7 +1563,7 @@ url_preview = ["lxml"]
[metadata] [metadata]
lock-version = "1.1" lock-version = "1.1"
python-versions = "^3.7.1" python-versions = "^3.7.1"
content-hash = "d39d5ac5d51c014581186b7691999b861058b569084c525523baf70b77f292b1" content-hash = "539e5326f401472d1ffc8325d53d72e544cd70156b3f43f32f1285c4c131f831"
[metadata.files] [metadata.files]
attrs = [ attrs = [

1
pyproject.toml
View File

@ -113,7 +113,6 @@ unpaddedbase64 = ">=2.1.0"
canonicaljson = ">=1.4.0" canonicaljson = ">=1.4.0"
# we use the type definitions added in signedjson 1.1. # we use the type definitions added in signedjson 1.1.
signedjson = ">=1.1.0" signedjson = ">=1.1.0"
PyNaCl = ">=1.2.1"
# validating SSL certs for IP addresses requires service_identity 18.1. # validating SSL certs for IP addresses requires service_identity 18.1.
service-identity = ">=18.1.0" service-identity = ">=18.1.0"
# Twisted 18.9 introduces some logger improvements that the structured # Twisted 18.9 introduces some logger improvements that the structured

17
tests/crypto/test_event_signing.py
View File

@ -12,10 +12,8 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
from signedjson.key import decode_signing_key_base64
import nacl.signing from signedjson.types import SigningKey
import signedjson.types
from unpaddedbase64 import decode_base64
from synapse.api.room_versions import RoomVersions from synapse.api.room_versions import RoomVersions
from synapse.crypto.event_signing import add_hashes_and_signatures from synapse.crypto.event_signing import add_hashes_and_signatures
@ -25,7 +23,7 @@ from tests import unittest
# Perform these tests using given secret key so we get entirely deterministic # Perform these tests using given secret key so we get entirely deterministic
# signatures output that we can test against. # signatures output that we can test against.
SIGNING_KEY_SEED = decode_base64("YJDBA9Xnr2sVqXD9Vj7XVUnmFZcZrlw8Md7kMW+3XA1") SIGNING_KEY_SEED = "YJDBA9Xnr2sVqXD9Vj7XVUnmFZcZrlw8Md7kMW+3XA1"
KEY_ALG = "ed25519" KEY_ALG = "ed25519"
KEY_VER = "1" KEY_VER = "1"
@ -36,14 +34,9 @@ HOSTNAME = "domain"
class EventSigningTestCase(unittest.TestCase): class EventSigningTestCase(unittest.TestCase):
def setUp(self): def setUp(self):
# NB: `signedjson` expects `nacl.signing.SigningKey` instances which have been self.signing_key: SigningKey = decode_signing_key_base64(
# monkeypatched to include new `alg` and `version` attributes. This is captured KEY_ALG, KEY_VER, SIGNING_KEY_SEED
# by the `signedjson.types.SigningKey` protocol.
self.signing_key: signedjson.types.SigningKey = nacl.signing.SigningKey( # type: ignore[assignment]
SIGNING_KEY_SEED
) )
self.signing_key.alg = KEY_ALG
self.signing_key.version = KEY_VER
def test_sign_minimal(self): def test_sign_minimal(self):
event_dict = { event_dict = {

2
tests/crypto/test_keyring.py
View File

@ -19,8 +19,8 @@ import attr
import canonicaljson import canonicaljson
import signedjson.key import signedjson.key
import signedjson.sign import signedjson.sign
from nacl.signing import SigningKey
from signedjson.key import encode_verify_key_base64, get_verify_key from signedjson.key import encode_verify_key_base64, get_verify_key
from signedjson.types import SigningKey
from twisted.internet import defer from twisted.internet import defer
from twisted.internet.defer import Deferred, ensureDeferred from twisted.internet.defer import Deferred, ensureDeferred