Page MenuHomePhabricator

Implement script to generate olm configuration JSON file for keyserver
ClosedPublic

Authored by marcin on Feb 15 2022, 12:21 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Nov 17, 8:51 PM
Unknown Object (File)
Oct 27 2024, 11:19 PM
Unknown Object (File)
Oct 17 2024, 7:26 PM
Unknown Object (File)
Oct 17 2024, 7:26 PM
Unknown Object (File)
Oct 17 2024, 7:13 PM
Unknown Object (File)
Oct 9 2024, 7:39 PM
Unknown Object (File)
Sep 29 2024, 2:43 AM
Unknown Object (File)
Sep 6 2024, 7:50 PM

Details

Summary

Implemented script that uses olm library to create and pickle data (encryption keys) needed to establish sessions with keyserver as a client. It was discussed during a meeting that we do not expect pickling key to provide additional security layer so I simply used standard uuid library to generate it.

Test Plan

Run script both when the file is present to see it is overwritten and when it is missing to see it is created.

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

tomek added inline comments.
server/src/scripts/generate-olm-config.js
16 ↗(On Diff #9697)

It was discussed during a meeting that we do not expect pickling key to provide additional security layer so

I'd feel safer if this pickling key was less deterministic, but on the other hand I'm not sure if it is possible for someone to acquire only the pickled account without the key. If an attacker has both, then key security doesn't matter. So we can probably keep the current approach.

This revision is now accepted and ready to land.Feb 16 2022, 6:39 AM
This revision now requires review to proceed.Feb 16 2022, 6:39 AM

If we decided to store pickling key separately from pickled olm account to tak advantage of additional security I would add crypto package to the project and use it to generate pickling key. But since we are storing it in the same file I can hardly imagine an attacker obtaining sole pickled account without pickling key. In fact this pickling key is used only because olm API requires so. Another solution would be to hardcode some string, but I am personally strongly against magic variables so I went ahead with uuid.

There's a separate "pickling" function for individual sessions, right? I want to make sure that we're not storing all of the session data in this JSON file – as the size of the session data is potentially unbounded, it should be stored in MySQL.

After seeing you land D3012 without addressing comments, I am very scared to hit the "Accept" button. @marcinwasowicz please maintain goodwill / trust here and respond to this comment before landing this diff.

This revision is now accepted and ready to land.Feb 22 2022, 12:00 AM

Additionally: the relationship between this diff, D3053, and D3211 is not made clear. Please specify the dependency graph by hitting "Edit Related Revisions" in the UI above, or by having the text "Depends on: Dsomething" in either the diff description or a diff comment

In D3209#86939, @ashoat wrote:

There's a separate "pickling" function for individual sessions, right? I want to make sure that we're not storing all of the session data in this JSON file – as the size of the session data is potentially unbounded, it should be stored in MySQL.

After seeing you land D3012 without addressing comments, I am very scared to hit the "Accept" button. @marcinwasowicz please maintain goodwill / trust here and respond to this comment before landing this diff.

Actually I was not involved in individual sessions storage representation so I do not now how it is implemented. The JSON file this diff is about holds only olm account for server that are needed to establish individual sessions so nothing session-specific is stored there. "Pickling" is the name of an operation olm uses to serialize olm account into string which is stored in JSON file. I do not know how individual sessions data are stored and whether is is also done with pickling technique, but I can assure that not session-specific data is being stored in this JSON.

In D3209#86948, @ashoat wrote:

Additionally: the relationship between this diff, D3053, and D3211 is not made clear. Please specify the dependency graph by hitting "Edit Related Revisions" in the UI above, or by having the text "Depends on: Dsomething" in either the diff description or a diff comment

D3211 is logical follow-up to this diff so I will link it appropriately.
D3053 is no longer relevant as it was submitted before we actually decided what content should be stored in this JSON file. It is my mistake I forgot to hit Abandon Revision button. I will do so once you read this comment and accept to abandon D3053.