Page MenuHomePhabricator
Differential D11293

[lib] Add Tunnelbroker message types for QR code auth
ClosedPublic
Actions

Authored by bartek on Mar 11 2024, 6:17 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Mar 23, 9:43 PM
Unknown Object (File)
Thu, Feb 27, 10:08 PM
Unknown Object (File)
Thu, Feb 27, 7:26 PM
Unknown Object (File)
Thu, Feb 27, 7:26 PM
Unknown Object (File)
Thu, Feb 27, 7:26 PM
Unknown Object (File)
Thu, Feb 27, 7:26 PM
Unknown Object (File)
Thu, Feb 27, 7:26 PM
Unknown Object (File)
Thu, Feb 27, 7:26 PM
View All Files
Subscribers
ashoat
tomek

Details

Reviewers
kamil
michal
Commits
rCOMM9983dec2bb77: [lib] Add Tunnelbroker message types for QR code auth
Summary

Added a new peer-to-peer message type for QR code auth flow. All messages are going to be encrypted separately via AES-256.

Depends on D11292

Test Plan

TBD

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

bartek created this revision.Mar 11 2024, 6:17 AM
bartek held this revision as a draft.
Herald added subscribers: tomek, ashoat. · View Herald TranscriptMar 11 2024, 6:17 AM
bartek added a child revision: D11294: [native] Update device list on QR code scaned.Mar 11 2024, 6:17 AM
Harbormaster failed remote builds in B27423: Diff 37971!Mar 11 2024, 6:31 AM
bartek updated this revision to Diff 37984.Mar 11 2024, 6:47 AM

Rebase

Harbormaster failed remote builds in B27436: Diff 37984!Mar 11 2024, 7:02 AM
bartek edited the summary of this revision. (Show Details)Mar 11 2024, 7:05 AM
bartek updated this revision to Diff 37990.Mar 11 2024, 7:19 AM

Rebase

Harbormaster failed remote builds in B27442: Diff 37990!Mar 11 2024, 7:32 AM
bartek updated this revision to Diff 38011.Mar 12 2024, 12:09 AM

Fix lint

Harbormaster completed remote builds in B27462: Diff 38011.Mar 12 2024, 12:24 AM
bartek published this revision for review.Mar 12 2024, 1:37 AM
bartek added inline comments.
lib/utils/qr-code-auth.js
13 ↗(On Diff #37984)

Messages are going to be encrypted using AES-256. This is going to be implemented in a further diff. For now it's just stub - the content is JSON-stringified in plaintext

kamil accepted this revision.Mar 13 2024, 5:35 AM
kamil added inline comments.
lib/types/tunnelbroker/peer-to-peer-message-types.js
60–63 ↗(On Diff #38011)

are you sure, you don't need a senderInfo here? How do you plan to decrypt encryptedContent / establish session?

This revision is now accepted and ready to land.Mar 13 2024, 5:35 AM
ashoat added inline comments.Mar 13 2024, 9:47 AM
lib/types/tunnelbroker/peer-to-peer-message-types.js
60–63 ↗(On Diff #38011)

I haven't looked too closely at this code, but let me know if there's any way I can help clarify the protocol

bartek added inline comments.Mar 14 2024, 2:07 AM
lib/types/tunnelbroker/peer-to-peer-message-types.js
60–63 ↗(On Diff #38011)

Messages are AES-256 encrypted. The encryption key is a part of the QR code. So both parties can encrypt/decrypt.

bartek updated this revision to Diff 38123.Mar 18 2024, 4:53 AM

Add backupLogDataKey to the backup message

Harbormaster completed remote builds in B27552: Diff 38123.Mar 18 2024, 5:07 AM
Closed by commit rCOMM9983dec2bb77: [lib] Add Tunnelbroker message types for QR code auth (authored by bartek). · Explain WhyMar 21 2024, 4:29 AM
This revision was automatically updated to reflect the committed changes.
bartek added a commit: rCOMM9983dec2bb77: [lib] Add Tunnelbroker message types for QR code auth.

Revision Contents
Changeset List

PathSize
lib/
types/
tunnelbroker/
15 lines
58 lines
utils/
34 lines

Diff 38247

View Options

lib/types/tunnelbroker/peer-to-peer-message-types.js

// @flow // @flow
import { useNavigation } from '@react-navigation/native'; import { useNavigation } from '@react-navigation/native';
import { BarCodeScanner, type BarCodeEvent } from 'expo-barcode-scanner'; import { BarCodeScanner, type BarCodeEvent } from 'expo-barcode-scanner';
import invariant from 'invariant'; import invariant from 'invariant';
import * as React from 'react'; import * as React from 'react';
import { View } from 'react-native'; import { View } from 'react-native';
import { parseDataFromDeepLink } from 'lib/facts/links.js'; import { parseDataFromDeepLink } from 'lib/facts/links.js';
import { IdentityClientContext } from 'lib/shared/identity-client-context.js'; import { IdentityClientContext } from 'lib/shared/identity-client-context.js';
import { useTunnelbroker } from 'lib/tunnelbroker/tunnelbroker-context.js'; import { useTunnelbroker } from 'lib/tunnelbroker/tunnelbroker-context.js';
import {
backupKeysValidator,
type BackupKeys,
} from 'lib/types/backup-types.js';
import type { RawDeviceList } from 'lib/types/identity-service-types.js'; import type { RawDeviceList } from 'lib/types/identity-service-types.js';
import { import {
tunnelbrokerMessageTypes, tunnelbrokerMessageTypes,
type TunnelbrokerMessage, type TunnelbrokerMessage,
} from 'lib/types/tunnelbroker/messages.js'; } from 'lib/types/tunnelbroker/messages.js';
import { import {
peerToPeerMessageTypes, peerToPeerMessageTypes,
peerToPeerMessageValidator, peerToPeerMessageValidator,
type PeerToPeerMessage, type PeerToPeerMessage,
} from 'lib/types/tunnelbroker/peer-to-peer-message-types.js'; } from 'lib/types/tunnelbroker/peer-to-peer-message-types.js';
import { qrCodeAuthMessageTypes } from 'lib/types/tunnelbroker/qr-code-auth-message-types.js'; import { qrCodeAuthMessageTypes } from 'lib/types/tunnelbroker/qr-code-auth-message-types.js';
import { assertWithValidator } from 'lib/utils/validation-utils.js';
import type { ProfileNavigationProp } from './profile.react.js'; import type { ProfileNavigationProp } from './profile.react.js';
import { getBackupSecret } from '../backup/use-client-backup.js';
import { commCoreModule } from '../native-modules.js';
import type { NavigationRoute } from '../navigation/route-names.js'; import type { NavigationRoute } from '../navigation/route-names.js';
import { import {
composeTunnelbrokerQRAuthMessage, composeTunnelbrokerQRAuthMessage,
parseTunnelbrokerQRAuthMessage, parseTunnelbrokerQRAuthMessage,
} from '../qr-code/qr-code-utils.js'; } from '../qr-code/qr-code-utils.js';
import { useStyles } from '../themes/colors.js'; import { useStyles } from '../themes/colors.js';
import Alert from '../utils/alert.js'; import Alert from '../utils/alert.js';
▲ Show 20 LinesShow All 120 Lines▼ Show 20 Lines async (message: TunnelbrokerMessage) => {
payload?.type !== payload?.type !==
qrCodeAuthMessageTypes.SECONDARY_DEVICE_REGISTRATION_SUCCESS qrCodeAuthMessageTypes.SECONDARY_DEVICE_REGISTRATION_SUCCESS
) { ) {
return; return;
} }
void broadcastDeviceListUpdate(); void broadcastDeviceListUpdate();
const backupSecret = await getBackupSecret();
const backupKeysResponse =
await commCoreModule.retrieveBackupKeys(backupSecret);
const backupKeys = assertWithValidator<BackupKeys>(
JSON.parse(backupKeysResponse),
backupKeysValidator,
);
const backupKeyMessage = await composeTunnelbrokerQRAuthMessage( const backupKeyMessage = await composeTunnelbrokerQRAuthMessage(
encryptionKey, encryptionKey,
{ {
type: qrCodeAuthMessageTypes.BACKUP_DATA_KEY_MESSAGE, type: qrCodeAuthMessageTypes.BACKUP_DATA_KEY_MESSAGE,
backupID: 'stub', ...backupKeys,
backupDataKey: 'stub',
backupLogDataKey: 'stub',
}, },
); );
await tunnelbrokerContext.sendMessage({ await tunnelbrokerContext.sendMessage({
deviceID: targetDeviceID, deviceID: targetDeviceID,
payload: JSON.stringify(backupKeyMessage), payload: JSON.stringify(backupKeyMessage),
}); });
Alert.alert('Device added', 'Device registered successfully', [ Alert.alert('Device added', 'Device registered successfully', [
▲ Show 20 LinesShow All 144 LinesShow Last 20 Lines
View Options

lib/types/tunnelbroker/qr-code-auth-message-types.js

// @flow // @flow
import { useNavigation } from '@react-navigation/native'; import { useNavigation } from '@react-navigation/native';
import { BarCodeScanner, type BarCodeEvent } from 'expo-barcode-scanner'; import { BarCodeScanner, type BarCodeEvent } from 'expo-barcode-scanner';
import invariant from 'invariant'; import invariant from 'invariant';
import * as React from 'react'; import * as React from 'react';
import { View } from 'react-native'; import { View } from 'react-native';
import { parseDataFromDeepLink } from 'lib/facts/links.js'; import { parseDataFromDeepLink } from 'lib/facts/links.js';
import { IdentityClientContext } from 'lib/shared/identity-client-context.js'; import { IdentityClientContext } from 'lib/shared/identity-client-context.js';
import { useTunnelbroker } from 'lib/tunnelbroker/tunnelbroker-context.js'; import { useTunnelbroker } from 'lib/tunnelbroker/tunnelbroker-context.js';
import {
backupKeysValidator,
type BackupKeys,
} from 'lib/types/backup-types.js';
import type { RawDeviceList } from 'lib/types/identity-service-types.js'; import type { RawDeviceList } from 'lib/types/identity-service-types.js';
import { import {
tunnelbrokerMessageTypes, tunnelbrokerMessageTypes,
type TunnelbrokerMessage, type TunnelbrokerMessage,
} from 'lib/types/tunnelbroker/messages.js'; } from 'lib/types/tunnelbroker/messages.js';
import { import {
peerToPeerMessageTypes, peerToPeerMessageTypes,
peerToPeerMessageValidator, peerToPeerMessageValidator,
type PeerToPeerMessage, type PeerToPeerMessage,
} from 'lib/types/tunnelbroker/peer-to-peer-message-types.js'; } from 'lib/types/tunnelbroker/peer-to-peer-message-types.js';
import { qrCodeAuthMessageTypes } from 'lib/types/tunnelbroker/qr-code-auth-message-types.js'; import { qrCodeAuthMessageTypes } from 'lib/types/tunnelbroker/qr-code-auth-message-types.js';
import { assertWithValidator } from 'lib/utils/validation-utils.js';
import type { ProfileNavigationProp } from './profile.react.js'; import type { ProfileNavigationProp } from './profile.react.js';
import { getBackupSecret } from '../backup/use-client-backup.js';
import { commCoreModule } from '../native-modules.js';
import type { NavigationRoute } from '../navigation/route-names.js'; import type { NavigationRoute } from '../navigation/route-names.js';
import { import {
composeTunnelbrokerQRAuthMessage, composeTunnelbrokerQRAuthMessage,
parseTunnelbrokerQRAuthMessage, parseTunnelbrokerQRAuthMessage,
} from '../qr-code/qr-code-utils.js'; } from '../qr-code/qr-code-utils.js';
import { useStyles } from '../themes/colors.js'; import { useStyles } from '../themes/colors.js';
import Alert from '../utils/alert.js'; import Alert from '../utils/alert.js';
▲ Show 20 LinesShow All 120 Lines▼ Show 20 Lines async (message: TunnelbrokerMessage) => {
payload?.type !== payload?.type !==
qrCodeAuthMessageTypes.SECONDARY_DEVICE_REGISTRATION_SUCCESS qrCodeAuthMessageTypes.SECONDARY_DEVICE_REGISTRATION_SUCCESS
) { ) {
return; return;
} }
void broadcastDeviceListUpdate(); void broadcastDeviceListUpdate();
const backupSecret = await getBackupSecret();
const backupKeysResponse =
await commCoreModule.retrieveBackupKeys(backupSecret);
const backupKeys = assertWithValidator<BackupKeys>(
JSON.parse(backupKeysResponse),
backupKeysValidator,
);
const backupKeyMessage = await composeTunnelbrokerQRAuthMessage( const backupKeyMessage = await composeTunnelbrokerQRAuthMessage(
encryptionKey, encryptionKey,
{ {
type: qrCodeAuthMessageTypes.BACKUP_DATA_KEY_MESSAGE, type: qrCodeAuthMessageTypes.BACKUP_DATA_KEY_MESSAGE,
backupID: 'stub', ...backupKeys,
backupDataKey: 'stub',
backupLogDataKey: 'stub',
}, },
); );
await tunnelbrokerContext.sendMessage({ await tunnelbrokerContext.sendMessage({
deviceID: targetDeviceID, deviceID: targetDeviceID,
payload: JSON.stringify(backupKeyMessage), payload: JSON.stringify(backupKeyMessage),
}); });
Alert.alert('Device added', 'Device registered successfully', [ Alert.alert('Device added', 'Device registered successfully', [
▲ Show 20 LinesShow All 144 LinesShow Last 20 Lines
View Options

lib/utils/qr-code-auth.js

// @flow // @flow
import { useNavigation } from '@react-navigation/native'; import { useNavigation } from '@react-navigation/native';
import { BarCodeScanner, type BarCodeEvent } from 'expo-barcode-scanner'; import { BarCodeScanner, type BarCodeEvent } from 'expo-barcode-scanner';
import invariant from 'invariant'; import invariant from 'invariant';
import * as React from 'react'; import * as React from 'react';
import { View } from 'react-native'; import { View } from 'react-native';
import { parseDataFromDeepLink } from 'lib/facts/links.js'; import { parseDataFromDeepLink } from 'lib/facts/links.js';
import { IdentityClientContext } from 'lib/shared/identity-client-context.js'; import { IdentityClientContext } from 'lib/shared/identity-client-context.js';
import { useTunnelbroker } from 'lib/tunnelbroker/tunnelbroker-context.js'; import { useTunnelbroker } from 'lib/tunnelbroker/tunnelbroker-context.js';
import {
backupKeysValidator,
type BackupKeys,
} from 'lib/types/backup-types.js';
import type { RawDeviceList } from 'lib/types/identity-service-types.js'; import type { RawDeviceList } from 'lib/types/identity-service-types.js';
import { import {
tunnelbrokerMessageTypes, tunnelbrokerMessageTypes,
type TunnelbrokerMessage, type TunnelbrokerMessage,
} from 'lib/types/tunnelbroker/messages.js'; } from 'lib/types/tunnelbroker/messages.js';
import { import {
peerToPeerMessageTypes, peerToPeerMessageTypes,
peerToPeerMessageValidator, peerToPeerMessageValidator,
type PeerToPeerMessage, type PeerToPeerMessage,
} from 'lib/types/tunnelbroker/peer-to-peer-message-types.js'; } from 'lib/types/tunnelbroker/peer-to-peer-message-types.js';
import { qrCodeAuthMessageTypes } from 'lib/types/tunnelbroker/qr-code-auth-message-types.js'; import { qrCodeAuthMessageTypes } from 'lib/types/tunnelbroker/qr-code-auth-message-types.js';
import { assertWithValidator } from 'lib/utils/validation-utils.js';
import type { ProfileNavigationProp } from './profile.react.js'; import type { ProfileNavigationProp } from './profile.react.js';
import { getBackupSecret } from '../backup/use-client-backup.js';
import { commCoreModule } from '../native-modules.js';
import type { NavigationRoute } from '../navigation/route-names.js'; import type { NavigationRoute } from '../navigation/route-names.js';
import { import {
composeTunnelbrokerQRAuthMessage, composeTunnelbrokerQRAuthMessage,
parseTunnelbrokerQRAuthMessage, parseTunnelbrokerQRAuthMessage,
} from '../qr-code/qr-code-utils.js'; } from '../qr-code/qr-code-utils.js';
import { useStyles } from '../themes/colors.js'; import { useStyles } from '../themes/colors.js';
import Alert from '../utils/alert.js'; import Alert from '../utils/alert.js';
▲ Show 20 LinesShow All 120 Lines▼ Show 20 Lines async (message: TunnelbrokerMessage) => {
payload?.type !== payload?.type !==
qrCodeAuthMessageTypes.SECONDARY_DEVICE_REGISTRATION_SUCCESS qrCodeAuthMessageTypes.SECONDARY_DEVICE_REGISTRATION_SUCCESS
) { ) {
return; return;
} }
void broadcastDeviceListUpdate(); void broadcastDeviceListUpdate();
const backupSecret = await getBackupSecret();
const backupKeysResponse =
await commCoreModule.retrieveBackupKeys(backupSecret);
const backupKeys = assertWithValidator<BackupKeys>(
JSON.parse(backupKeysResponse),
backupKeysValidator,
);
const backupKeyMessage = await composeTunnelbrokerQRAuthMessage( const backupKeyMessage = await composeTunnelbrokerQRAuthMessage(
encryptionKey, encryptionKey,
{ {
type: qrCodeAuthMessageTypes.BACKUP_DATA_KEY_MESSAGE, type: qrCodeAuthMessageTypes.BACKUP_DATA_KEY_MESSAGE,
backupID: 'stub', ...backupKeys,
backupDataKey: 'stub',
backupLogDataKey: 'stub',
}, },
); );
await tunnelbrokerContext.sendMessage({ await tunnelbrokerContext.sendMessage({
deviceID: targetDeviceID, deviceID: targetDeviceID,
payload: JSON.stringify(backupKeyMessage), payload: JSON.stringify(backupKeyMessage),
}); });
Alert.alert('Device added', 'Device registered successfully', [ Alert.alert('Device added', 'Device registered successfully', [
▲ Show 20 LinesShow All 144 LinesShow Last 20 Lines