Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to setup cross-signing keys #8864

Open
hardcore-sushi opened this issue Jul 9, 2024 · 1 comment
Open

Unable to setup cross-signing keys #8864

hardcore-sushi opened this issue Jul 9, 2024 · 1 comment
Labels
T-Defect Something isn't working: bugs, crashes, hangs and other reported problems

Comments

@hardcore-sushi
Copy link

hardcore-sushi commented Jul 9, 2024
edited
Loading

Steps to reproduce

  1. Install conduit server
  2. Login with element android
  3. Click Settings > Security & Privacy > Cross-Signing > Reset Keys
  4. Enter the password
  5. Click Continue

Outcome

What did you expect?

Cross-signing keys to be reset.

What happened instead?

Element show the error message: "Failed to set up Cross Signing".
Conduit prints:

WARN http_request{path=/_matrix/client/unstable/keys/device_signing/upload}: conduit::api::ruma_wrapper::axum: try_from_http_request failed: Deserialization(Json(Error("missing field `identifier`", line: 1, column: 119)))

The exact request sent by Element is:

{
  "auth": {
    "password": "<PASSWORD>",
    "session": "8ndGKxkyPSBn81Y88SMBDtzRkUVDTned",
    "type": "m.login.password",
    "user": "@bob:<HOMESERVER>"
  },
  "master_key": {
    "keys": {
      "ed25519:yG5KfTv8UlwauaUFQ4sgpqcKArVfo03SmAmBB3xDObU": "yG5KfTv8UlwauaUFQ4sgpqcKArVfo03SmAmBB3xDObU"
    },
    "signatures": {
      "@bob:<HOMESERVER>": {
        "ed25519:LD0549yCCK": "U41xp/sIh23JiAKPk2rgNPpfNLDZ61+SvJag1n7AzBzht3QJtBIcOPRaXCHA/Yk5bQRi3QuczDnD/b54HHaQAg",
        "ed25519:yG5KfTv8UlwauaUFQ4sgpqcKArVfo03SmAmBB3xDObU": "YrBziZkOCifL1+gVChTozjLu45kc4CJpiAYEifMqbWl9dCOEigU2iUQ6aTi/HLUZlkABtoh6vOZGR4TIIhdMDQ"
      }
    },
    "usage": [
      "master"
    ],
    "user_id": "@bob:<HOMESERVER>"
  },
  "self_signing_key": {
    "keys": {
      "ed25519:oOICLRIankieFLVafqVTuB5aKzCUD1/vcw5QVYolvfY": "oOICLRIankieFLVafqVTuB5aKzCUD1/vcw5QVYolvfY"
    },
    "signatures": {
      "@bob:<HOMESERVER>": {
        "ed25519:yG5KfTv8UlwauaUFQ4sgpqcKArVfo03SmAmBB3xDObU": "X61b9girYvqVCUVZM7JfBm5vuTCgpIdlaCrvr6kPTFN0BtgL/4Hy9amWECKvf/1WLk4xp3yh+FjtEDHj5gphAw"
      }
    },
    "usage": [
      "self_signing"
    ],
    "user_id": "@bob:<HOMESERVER>"
  },
  "user_signing_key": {
    "keys": {
      "ed25519:4iFzyGjcNMeKcQkrNiwiOPU9ZdaktgNbnrNmkVKnRTw": "4iFzyGjcNMeKcQkrNiwiOPU9ZdaktgNbnrNmkVKnRTw"
    },
    "signatures": {
      "@bob:<HOMESERVER>": {
        "ed25519:yG5KfTv8UlwauaUFQ4sgpqcKArVfo03SmAmBB3xDObU": "6yfZUO6ww+KsRggf7Aq4G1rH+thXHZkvfvglS6sb2DJc1c9jiOCTXD/tFe+Qr8XGe3NrZGG6qJLRiC0t/3GJAQ"
      }
    },
    "usage": [
      "user_signing"
    ],
    "user_id": "@bob:<HOMESERVER>"
  }
}

As you can see, the user field is directly located under the auth object, whereas element-web (which works) sends this auth object:

  "auth": {
    "password": "<PASSWORD>",
    "session": "8ndGKxkyPSBn81Y88SMBDtzRkUVDTned",
    "type": "m.login.password",
    "identifier": {
      "type": "m.id.user",
      "user": "@bob:<HOMESERVER>"
    }
  }

It seems that element-android does not respect the Matrix spec:

Your phone model

No response

Operating system version

No response

Application version and app store

1.6.18 from F-Droid

Homeserver

conduit v0.8.0

Will you send logs?

Yes

Are you willing to provide a PR?

No
@hardcore-sushi hardcore-sushi added the T-Defect Something isn't working: bugs, crashes, hangs and other reported problems label Jul 9, 2024
@hardcore-sushi
Copy link
Author

hardcore-sushi commented Jul 24, 2024
edited
Loading

This issue actually affects more that just the reset cross-signing key feature.

If the first login to the account is made with Element (typically when registering), it sends the same request to configure the initial cross-signing keys. Due to the malformed request payload, the setup fails, although Element reports it as properly enabled in the settings. Consequently, the session is reported as not verified (red shield) in encrypted chats, and any keys verification with other accounts is thus prevented.

For people stumbled upon this issue and looking for a workaround, you can add a rule in your nginx reverse proxy (if you use one) to fix the JSON payload. You need lua support with the cjson library. Here is an example configuration snippet:

location = /_matrix/client/unstable/keys/device_signing/upload {
  if ($request_method = POST) {
    access_by_lua_block {
      local cjson = require "cjson"
      ngx.req.read_body()
      local data = cjson.decode(ngx.req.get_body_data())
      if data["auth"] ~= nil and data.auth["user"] ~= nil then
        data.auth.identifier = {
          type = "m.id.user",
          user = data.auth.user,
        };
        ngx.req.set_body_data(cjson.encode(data))
      end
    }
  }
  proxy_pass http://<CONDUIT ENDPOINT>$request_uri;
  # ...
}

@hardcore-sushi hardcore-sushi changed the title Cannot reset cross-signing keys Unable to setup cross-signing keys Jul 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
T-Defect Something isn't working: bugs, crashes, hangs and other reported problems
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hardcore-sushi