ircd::m/modules/key: Various reorg / modularization.

2025-01-13 08:23:56 +01:00 · 2018-08-17 10:37:12 -07:00 · 2018-08-17 10:37:12 -07:00 · 61fade178e
commit 61fade178e
parent d7075d73e5
6 changed files with 426 additions and 401 deletions
--- a/include/ircd/m/keys.h
+++ b/include/ircd/m/keys.h
@ -18,17 +18,6 @@ namespace ircd::m
 	bool verify(const m::keys &);
 }

-namespace ircd::m::self
-{
-	extern ed25519::sk secret_key;
-	extern ed25519::pk public_key;
-	extern std::string public_key_b64;
-	extern std::string public_key_id;
-
-	extern std::string tls_cert_der;
-	extern std::string tls_cert_der_sha256_b64;
-}
-
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wsubobject-linkage"
 /// Contains the public keys and proof of identity for a remote server.
@ -62,9 +51,6 @@ struct ircd::m::keys
 	json::property<name::verify_keys, json::object>
 >
 {
-	struct init;
-
-  public:
 	using queries = vector_view<const m::v1::key::server_key>; // <server, key_id>
 	using closure = std::function<void (const json::object &)>;
 	using closure_bool = std::function<bool (const json::object &)>;
@ -77,15 +63,3 @@ struct ircd::m::keys
 	using super_type::operator=;
 };
 #pragma GCC diagnostic pop
-
-struct ircd::m::keys::init
-{
-	json::object config;
-
-	void certificate();
-	void signing();
-
-  public:
-	init(const json::object &config);
-	~init() noexcept;
-};
--- a/include/ircd/m/m.h
+++ b/include/ircd/m/m.h
@ -64,10 +64,10 @@ struct ircd::m::init

 	self::init _self;
 	dbs::init _dbs;
-	keys::init _keys;

 	static void bootstrap();
 	void init_imports();
+	void init_keys();
 	void close();

  public:
--- a/include/ircd/m/self.h
+++ b/include/ircd/m/self.h
@ -15,6 +15,14 @@ namespace ircd::m::self
 {
 	struct init;

+	extern std::string origin;
+	extern ed25519::sk secret_key;
+	extern ed25519::pk public_key;
+	extern std::string public_key_b64;
+	extern std::string public_key_id;
+	extern std::string tls_cert_der;
+	extern std::string tls_cert_der_sha256_b64;
+
 	string_view host();
 	bool host(const string_view &);
 }
--- a/ircd/m/m.cc
+++ b/ircd/m/m.cc
@ -42,11 +42,8 @@ try
 {
 	origin
 }
-,_keys
-{
-	{}
-}
 {
+	init_keys();
 	init_imports();
 	presence::set(me, "online", me_online_status_msg);
 }
@ -77,7 +74,11 @@ noexcept try
 }
 catch(const m::error &e)
 {
-	log.critical("%s %s", e.what(), e.content);
+	log::critical
+	{
+		log, "%s %s", e.what(), e.content
+	};
+
 	ircd::terminate();
 }

@ -87,6 +88,28 @@ ircd::m::init::close()

 }

+void
+ircd::m::init::init_keys()
+try
+{
+	m::imports.emplace("s_keys"s, "s_keys"s);
+	static m::import<void ()> init_my_keys
+	{
+		"s_keys", "init_my_keys"
+	};
+
+	init_my_keys();
+}
+catch(const std::exception &e)
+{
+	log::error
+	{
+		log, "Failed to initialize server keys :%s", e.what()
+	};
+
+	throw;
+}
+
 void
 ircd::m::init::init_imports()
 try
@ -185,6 +208,34 @@ ircd::m::init::bootstrap()
 // m/self.h
 //

+std::string
+ircd::m::self::origin
+{};
+
+ircd::ed25519::sk
+ircd::m::self::secret_key
+{};
+
+ircd::ed25519::pk
+ircd::m::self::public_key
+{};
+
+std::string
+ircd::m::self::public_key_b64
+{};
+
+std::string
+ircd::m::self::public_key_id
+{};
+
+std::string
+ircd::m::self::tls_cert_der
+{};
+
+std::string
+ircd::m::self::tls_cert_der_sha256_b64
+{};
+
 //
 // my user
 //
@ -256,6 +307,8 @@ extern ircd::m::room::id::buf nodes_room_id;

 ircd::m::self::init::init(const string_view &origin)
 {
+	self::origin = std::string{origin};
+
 	ircd_user_id = {"ircd", origin};
 	m::me = {ircd_user_id};

@ -563,40 +616,12 @@ ircd::m::verify(const m::keys &keys)

 	static import<prototype> function
 	{
-		"key_keys", "verify__keys"
+		"s_keys", "verify__keys"
 	};

 	return function(keys);
 }

-//
-// m::self
-//
-
-ircd::ed25519::sk
-ircd::m::self::secret_key
-{};
-
-ircd::ed25519::pk
-ircd::m::self::public_key
-{};
-
-std::string
-ircd::m::self::public_key_b64
-{};
-
-std::string
-ircd::m::self::public_key_id
-{};
-
-std::string
-ircd::m::self::tls_cert_der
-{};
-
-std::string
-ircd::m::self::tls_cert_der_sha256_b64
-{};
-
 //
 // keys
 //
@ -617,7 +642,7 @@ ircd::m::keys::get(const string_view &server_name,

 	static import<prototype> function
 	{
-		"key_keys", "get__keys"
+		"s_keys", "get__keys"
 	};

 	return function(server_name, key_id, closure_);
@ -632,226 +657,12 @@ ircd::m::keys::query(const string_view &query_server,

 	static import<prototype> function
 	{
-		"key_keys", "query__keys"
+		"s_keys", "query__keys"
 	};

 	return function(query_server, queries_, closure);
 }

-//
-// init
-//
-
-ircd::m::keys::init::init(const json::object &config)
-:config{config}
-{
-	certificate();
-	signing();
-}
-
-ircd::m::keys::init::~init()
-noexcept
-{
-}
-
-void
-ircd::m::keys::init::certificate()
-{
-	const std::string origin
-	{
-		m::self::host()
-	};
-
-	const json::object config
-	{
-		this->config.get({"origin", origin})
-	};
-
-	const std::string private_key_file
-	{
-		unquote(config.get("ssl_private_key_pem_path", origin + ".crt.key"))
-	};
-
-	const std::string public_key_file
-	{
-		unquote(config.get("ssl_public_key_pem_path", private_key_file + ".pub"))
-	};
-
-	if(!private_key_file)
-		throw user_error
-		{
-			"You must specify an SSL private key file at"
-			" origin.[%s].ssl_private_pem_path even if you do not have one;"
-			" it will be created there.",
-			origin
-		};
-
-	if(!fs::exists(private_key_file))
-	{
-		log::warning
-		{
-			"Failed to find certificate private key @ `%s'; creating...",
-			private_key_file
-		};
-
-		openssl::genrsa(private_key_file, public_key_file);
-	}
-
-	const std::string cert_file
-	{
-		unquote(config.get("ssl_certificate_pem_path", origin + ".crt"))
-	};
-
-	if(!fs::exists(cert_file))
-	{
-		std::string subject
-		{
-			this->config.get({"certificate", origin, "subject"})
-		};
-
-		if(!subject)
-			subject = json::strung{json::members
-			{
-				{ "CN", origin }
-			}};
-/*
-			throw user_error
-			{
-				"Failed to find SSL certificate @ `%s'. Additionally, no"
-				" certificate.[%s].subject was found in the conf to generate one.",
-				cert_file,
-				origin
-			};
-*/
-		log::warning
-		{
-			"Failed to find SSL certificate @ `%s'; creating for '%s'...",
-			cert_file,
-			origin
-		};
-
-		const unique_buffer<mutable_buffer> buf
-		{
-			1_MiB
-		};
-
-		const json::strung opts{json::members
-		{
-			{ "private_key_pem_path",  private_key_file  },
-			{ "public_key_pem_path",   public_key_file   },
-			{ "subject",               subject           },
-		}};
-
-		const auto cert
-		{
-			openssl::genX509_rsa(buf, opts)
-		};
-
-		fs::overwrite(cert_file, cert);
-	}
-
-	const auto cert_pem
-	{
-		fs::read(cert_file)
-	};
-
-	const unique_buffer<mutable_buffer> der_buf
-	{
-		8_KiB
-	};
-
-	const auto cert_der
-	{
-		openssl::cert2d(der_buf, cert_pem)
-	};
-
-	const fixed_buffer<const_buffer, crh::sha256::digest_size> hash
-	{
-		sha256{cert_der}
-	};
-
-	self::tls_cert_der_sha256_b64 =
-	{
-		b64encode_unpadded(hash)
-	};
-
-	log::info
-	{
-		log, "Certificate `%s' :PEM %zu bytes; DER %zu bytes; sha256b64 %s",
-		cert_file,
-		cert_pem.size(),
-		ircd::size(cert_der),
-		self::tls_cert_der_sha256_b64
-	};
-
-	thread_local char print_buf[8_KiB];
-	log::info
-	{
-		log, "Certificate `%s' :%s",
-		cert_file,
-		openssl::print_subject(print_buf, cert_pem)
-	};
-}
-
-void
-ircd::m::keys::init::signing()
-{
-	const std::string origin
-	{
-		unquote(this->config.get({"ircd", "origin"}, "localhost"s))
-	};
-
-	const json::object config
-	{
-		this->config.get({"origin", origin})
-	};
-
-	const std::string sk_file
-	{
-		unquote(config.get("ed25519_private_key_path", origin + ".key"))
-	};
-
-	if(!sk_file)
-		throw user_error
-		{
-			"Failed to find ed25519 secret key path at"
-			" origin.[%s].ed25519_private_key_path in config. If you do not"
-			" have a private key, specify a path for one to be created.",
-			origin
-		};
-
-	if(fs::exists(sk_file))
-		log.info("Using ed25519 secret key @ `%s'", sk_file);
-	else
-		log.notice("Creating ed25519 secret key @ `%s'", sk_file);
-
-	self::secret_key = ed25519::sk
-	{
-		sk_file, &self::public_key
-	};
-
-	self::public_key_b64 = b64encode_unpadded(self::public_key);
-	const fixed_buffer<const_buffer, sha256::digest_size> hash
-	{
-		sha256{self::public_key}
-	};
-
-	const auto public_key_hash_b58
-	{
-		b58encode(hash)
-	};
-
-	static const auto trunc_size{8};
-	self::public_key_id = fmt::snstringf
-	{
-		32, "ed25519:%s", trunc(public_key_hash_b58, trunc_size)
-	};
-
-	log.info("Current key is '%s' and the public key is: %s",
-	         self::public_key_id,
-	         self::public_key_b64);
-}
-
 ///////////////////////////////////////////////////////////////////////////////
 //
 // m/visible.h
--- a/modules/Makefile.am
+++ b/modules/Makefile.am
@ -67,12 +67,14 @@ s_conf_la_SOURCES = s_conf.cc
 s_control_la_SOURCES = s_control.cc
 s_node_la_SOURCES = s_node.cc
 s_listen_la_SOURCES = s_listen.cc
+s_keys_la_SOURCES = s_keys.cc

 s_module_LTLIBRARIES = \
 	s_conf.la \
 	s_control.la \
 	s_node.la \
 	s_listen.la \
+	s_keys.la \
 	###

 ###############################################################################
@ -240,12 +242,10 @@ client_module_LTLIBRARIES += \

 key_moduledir = @moduledir@

-key_key_keys_la_SOURCES = key/keys.cc
 key_key_server_la_SOURCES = key/server.cc
 key_key_query_la_SOURCES = key/query.cc

 key_module_LTLIBRARIES = \
-	key/key_keys.la \
 	key/key_server.la \
 	key/key_query.la \
 	###
--- a/modules/key/keys.cc
+++ b/modules/key/keys.cc
@ -10,24 +10,323 @@

 using namespace ircd;

-extern "C" bool verify__keys(const m::keys &) noexcept;
 static bool cache_get(const string_view &server, const string_view &key_id, const m::keys::closure &);
 static size_t cache_set(const json::object &);

+extern "C" bool verify__keys(const m::keys &) noexcept;
 extern "C" void get__keys(const string_view &server, const string_view &key_id, const m::keys::closure &);
 extern "C" bool query__keys(const string_view &query_server, const m::keys::queries &, const m::keys::closure_bool &);

+static void create_my_key(const m::event &);
+
+static void init_my_ed25519();
+static void init_my_tls_crt();
+extern "C" void init_my_keys();
+
 mapi::header
 IRCD_MODULE
 {
-	"Federation 2.3 :Retrieving Server Keys"
+	"Server keys"
 };

+void
+init_my_keys()
+{
+	init_my_ed25519();
+	init_my_tls_crt();
+}
+
+conf::item<std::string>
+tls_key_dir
+{
+	{ "name",     "ircd.keys.tls_key_dir"  },
+	{ "default",  fs::cwd()                }
+};
+
+void
+init_my_tls_crt()
+{
+	if(!m::self::origin)
+		throw error
+		{
+			"The m::self::origin must be set to init my ed25519 key."
+		};
+
+	const std::string private_key_path_parts[]
+	{
+		tls_key_dir,
+		m::self::origin + ".crt.key",
+	};
+
+	const std::string public_key_path_parts[]
+	{
+		tls_key_dir,
+		m::self::origin + ".crt.key.pub",
+	};
+
+	const std::string certificate_path_parts[]
+	{
+		tls_key_dir,
+		m::self::origin + ".crt",
+	};
+
+	const std::string private_key_file
+	{
+		fs::make_path(private_key_path_parts)
+	};
+
+	const std::string public_key_file
+	{
+		fs::make_path(public_key_path_parts)
+	};
+
+	const std::string cert_file
+	{
+		fs::make_path(certificate_path_parts)
+	};
+
+	if(!fs::exists(private_key_file))
+	{
+		log::warning
+		{
+			"Failed to find certificate private key @ `%s'; creating...",
+			private_key_file
+		};
+
+		openssl::genrsa(private_key_file, public_key_file);
+	}
+
+	const json::object config{};
+	if(!fs::exists(cert_file))
+	{
+		std::string subject
+		{
+			config.get({"certificate", m::self::origin, "subject"})
+		};
+
+		if(!subject)
+			subject = json::strung{json::members
+			{
+				{ "CN", m::self::origin }
+			}};
+
+		log::warning
+		{
+			"Failed to find SSL certificate @ `%s'; creating for '%s'...",
+			cert_file,
+			m::self::origin
+		};
+
+		const unique_buffer<mutable_buffer> buf
+		{
+			1_MiB
+		};
+
+		const json::strung opts{json::members
+		{
+			{ "private_key_pem_path",  private_key_file  },
+			{ "public_key_pem_path",   public_key_file   },
+			{ "subject",               subject           },
+		}};
+
+		const auto cert
+		{
+			openssl::genX509_rsa(buf, opts)
+		};
+
+		fs::overwrite(cert_file, cert);
+	}
+
+	const auto cert_pem
+	{
+		fs::read(cert_file)
+	};
+
+	const unique_buffer<mutable_buffer> der_buf
+	{
+		8_KiB
+	};
+
+	const auto cert_der
+	{
+		openssl::cert2d(der_buf, cert_pem)
+	};
+
+	const fixed_buffer<const_buffer, crh::sha256::digest_size> hash
+	{
+		sha256{cert_der}
+	};
+
+	m::self::tls_cert_der_sha256_b64 =
+	{
+		b64encode_unpadded(hash)
+	};
+
+	log::info
+	{
+		m::log, "Certificate `%s' :PEM %zu bytes; DER %zu bytes; sha256b64 %s",
+		cert_file,
+		cert_pem.size(),
+		ircd::size(cert_der),
+		m::self::tls_cert_der_sha256_b64
+	};
+
+	const unique_buffer<mutable_buffer> print_buf
+	{
+		8_KiB
+	};
+
+	log::info
+	{
+		m::log, "Certificate `%s' :%s",
+		cert_file,
+		openssl::print_subject(print_buf, cert_pem)
+	};
+}
+
+conf::item<std::string>
+ed25519_key_dir
+{
+	{ "name",     "ircd.keys.ed25519_key_dir"  },
+	{ "default",  fs::cwd()                    }
+};
+
+void
+init_my_ed25519()
+{
+	if(!m::self::origin)
+		throw error
+		{
+			"The m::self::origin must be set to init my ed25519 key."
+		};
+
+	const std::string path_parts[]
+	{
+		ed25519_key_dir,
+		m::self::origin + ".ed25519",
+	};
+
+	const std::string sk_file
+	{
+		fs::make_path(path_parts)
+	};
+
+	if(fs::exists(sk_file))
+		log::info
+		{
+			m::log, "Using ed25519 secret key @ `%s'", sk_file
+		};
+	else
+		log::notice
+		{
+			m::log, "Creating ed25519 secret key @ `%s'", sk_file
+		};
+
+	m::self::secret_key = ed25519::sk
+	{
+		sk_file, &m::self::public_key
+	};
+
+	m::self::public_key_b64 = b64encode_unpadded(m::self::public_key);
+	const fixed_buffer<const_buffer, sha256::digest_size> hash
+	{
+		sha256{m::self::public_key}
+	};
+
+	const auto public_key_hash_b58
+	{
+		b58encode(hash)
+	};
+
+	static const auto trunc_size{8};
+	m::self::public_key_id = fmt::snstringf
+	{
+		32, "ed25519:%s", trunc(public_key_hash_b58, trunc_size)
+	};
+
+	log::info
+	{
+		m::log, "Current key is '%s' and the public key is: %s",
+		m::self::public_key_id,
+		m::self::public_key_b64
+	};
+}
+
+const m::hookfn<>
+create_my_key_hook
+{
+	create_my_key,
+	{
+		{ "_site",     "vm.notify"           },
+		{ "room_id",   m::my_node.room_id()  },
+		{ "type",      "m.room.create"       },
+	}
+};
+
+void
+create_my_key(const m::event &)
+{
+	const json::members verify_keys_
+	{{
+		string_view{m::self::public_key_id},
+		{
+			{ "key", m::self::public_key_b64 }
+		}
+	}};
+
+	const json::members tlsfps
+	{
+		{ "sha256", m::self::tls_cert_der_sha256_b64 }
+	};
+
+	const json::value tlsfp[1]
+	{
+		{ tlsfps }
+	};
+
+	m::keys my_key;
+	json::get<"server_name"_>(my_key) = my_host();
+	json::get<"old_verify_keys"_>(my_key) = "{}";
+	json::get<"valid_until_ts"_>(my_key) = ircd::time<milliseconds>() + duration_cast<milliseconds>(hours(2160)).count();
+
+	const json::strung verify_keys{verify_keys_}; // must be on stack until my_keys serialized.
+	json::get<"verify_keys"_>(my_key) = verify_keys;
+
+	const json::strung tls_fingerprints{json::value{tlsfp, 1}}; // must be on stack until my_keys serialized.
+	json::get<"tls_fingerprints"_>(my_key) = tls_fingerprints;
+
+	const json::strung presig
+	{
+		my_key
+	};
+
+	const ed25519::sig sig
+	{
+		m::self::secret_key.sign(const_buffer{presig})
+	};
+
+	char signature[256];
+	const json::strung signatures{json::members
+	{
+		{ my_host(),
+		{
+			{ string_view{m::self::public_key_id}, b64encode_unpadded(signature, sig) }
+		}}
+	}};
+
+	json::get<"signatures"_>(my_key) = signatures;
+	cache_set(json::strung{my_key});
+}
+
+//
+// query
+//
+
 conf::item<milliseconds>
 query_keys_timeout
 {
-	{ "name",     "ircd.key.keys.query.timeout" },
-	{ "default",  20000L                        }
+	{ "name",     "ircd.keys.query.timeout" },
+	{ "default",  20000L                    }
 };

 extern "C" bool
@ -104,8 +403,8 @@ catch(const ctx::timeout &e)
 conf::item<milliseconds>
 get_keys_timeout
 {
-	{ "name",     "ircd.key.keys.get.timeout" },
-	{ "default",  20000L                       }
+	{ "name",     "ircd.keys.get.timeout" },
+	{ "default",  20000L                  }
 };

 void
@ -183,75 +482,6 @@ catch(const ctx::timeout &e)
 	};
 }

-size_t
-cache_set(const json::object &keys)
-{
-	const auto &server_name
-	{
-		unquote(keys.at("server_name"))
-	};
-
-	const m::node::id::buf node_id
-	{
-		"", server_name
-	};
-
-	const m::node::room node_room
-	{
-		node_id
-	};
-
-	if(!exists(node_room.room_id))
-		create(node_room, m::me.user_id);
-
-	const json::object &vks
-	{
-		keys.at("verify_keys")
-	};
-
-	size_t ret{0};
-	for(const auto &member : vks)
-	{
-		if(ret > 16)
-			return ret;
-
-		const auto &key_id(unquote(member.first));
-		send(node_room, m::me.user_id, "ircd.key", key_id, keys);
-		++ret;
-	}
-
-	return ret;
-}
-
-bool
-cache_get(const string_view &server_name,
-          const string_view &key_id,
-          const m::keys::closure &closure)
-{
-	const m::node::id::buf node_id
-	{
-		"", server_name
-	};
-
-	const m::node::room node_room
-	{
-		node_id
-	};
-
-	const auto reclosure{[&closure]
-	(const m::event &event)
-	{
-		closure(json::get<"content"_>(event));
-	}};
-
-	// Without a key_id we search for the most recent key; note this is not
-	// the same as making a state_key="" query, as that would be an actual
-	// ircd.key entry without an id (which shouldn't exist).
-	return !key_id?
-		node_room.get(std::nothrow, "ircd.key", reclosure):
-		node_room.get(std::nothrow, "ircd.key", key_id, reclosure);
-}
-
 bool
 verify__keys(const m::keys &keys)
 noexcept try
@ -333,69 +563,71 @@ catch(const std::exception &e)
 	return false;
 }

-static void
-create_my_key(const m::event &)
+size_t
+cache_set(const json::object &keys)
 {
-	const json::strung verify_keys{json::members
+	const auto &server_name
 	{
-		{ string_view{m::self::public_key_id},
-		{
-			{ "key", m::self::public_key_b64 }
-		}}
-	}};
-
-	const json::members tlsfps
-	{
-		{ "sha256", m::self::tls_cert_der_sha256_b64 }
+		unquote(keys.at("server_name"))
 	};

-	const json::value tlsfp[1]
+	const m::node::id::buf node_id
 	{
-		{ tlsfps }
+		"", server_name
 	};

-	const json::strung tls_fingerprints{json::value
+	const m::node::room node_room
 	{
-		tlsfp, 1
-	}};
-
-	m::keys my_key;
-	json::get<"server_name"_>(my_key) = my_host();
-	json::get<"old_verify_keys"_>(my_key) = "{}";
-	json::get<"valid_until_ts"_>(my_key) = ircd::time<milliseconds>() + duration_cast<milliseconds>(hours(2160)).count();
-	json::get<"verify_keys"_>(my_key) = verify_keys;
-	json::get<"tls_fingerprints"_>(my_key) = tls_fingerprints;
-
-	const json::strung presig
-	{
-		my_key
+		node_id
 	};

-	const ed25519::sig sig
+	if(!exists(node_room.room_id))
+		create(node_room, m::me.user_id);
+
+	const json::object &vks
 	{
-		m::self::secret_key.sign(const_buffer{presig})
+		keys.at("verify_keys")
 	};

-	char signature[256];
-	const json::strung signatures{json::members
+	size_t ret{0};
+	for(const auto &member : vks)
 	{
-		{ my_host(),
-		{
-			{ string_view{m::self::public_key_id}, b64encode_unpadded(signature, sig) }
-		}}
-	}};
+		if(ret > 16)
+			return ret;

-	json::get<"signatures"_>(my_key) = signatures;
-	cache_set(json::strung{my_key});
+		const auto &key_id(unquote(member.first));
+		send(node_room, m::me.user_id, "ircd.key", key_id, keys);
+		++ret;
+	}
+
+	return ret;
 }

-const m::hookfn<>
-create_my_key_hook
+bool
+cache_get(const string_view &server_name,
+          const string_view &key_id,
+          const m::keys::closure &closure)
 {
-	create_my_key,
+	const m::node::id::buf node_id
 	{
-		{ "_site",     "vm.notify"           },
-		{ "room_id",   m::my_node.room_id()  },
-		{ "type",      "m.room.create"       },
-	}
-};
+		"", server_name
+	};
+
+	const m::node::room node_room
+	{
+		node_id
+	};
+
+	const auto reclosure{[&closure]
+	(const m::event &event)
+	{
+		closure(json::get<"content"_>(event));
+	}};
+
+	// Without a key_id we search for the most recent key; note this is not
+	// the same as making a state_key="" query, as that would be an actual
+	// ircd.key entry without an id (which shouldn't exist).
+	return !key_id?
+		node_room.get(std::nothrow, "ircd.key", reclosure):
+		node_room.get(std::nothrow, "ircd.key", key_id, reclosure);
+}