Page MenuHomePhabricator

[keyserver] Verify `signedIdentityKeysBlob` signature in `logInResponder`
ClosedPublic

Authored by atul on Feb 25 2023, 1:18 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Nov 4, 2:02 AM
Unknown Object (File)
Mon, Nov 4, 2:01 AM
Unknown Object (File)
Mon, Nov 4, 2:01 AM
Unknown Object (File)
Mon, Nov 4, 2:01 AM
Unknown Object (File)
Mon, Nov 4, 1:50 AM
Unknown Object (File)
Tue, Oct 22, 12:30 PM
Unknown Object (File)
Tue, Oct 22, 12:30 PM
Unknown Object (File)
Tue, Oct 22, 12:30 PM
Subscribers
None

Details

Summary

Pass primaryIdentityPublicKeys.ed25519, signedIdentityKeysBlob.payload and signedIdentityKeysBlob.signature to olmUtil.ed25519_verify(...) to ensure that the signature is valid.


Depends on D6896

Test Plan

I tested with a valid signature and observed that ed25519_verify(...) succeeded. I tested with an invalid signature ("blah"), and observed that olmUtil.ed25519(...) threw an exception.

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

keyserver/src/responders/user-responders.js
345 ↗(On Diff #23097)

Need to move this to when keyserver starts up (IIRC olm.init() loads the wasm?)

346 ↗(On Diff #23097)

And we should instantiate this object once and make it accessible "globally."

atul requested review of this revision.Feb 25 2023, 1:34 AM
ashoat requested changes to this revision.Feb 26 2023, 5:49 AM

Nice! After this verification step, we should then JSON.parse(signedIdentityKeysBlob.payload) and run the result through an input validator. Then we'll be ready to store them in the DB. (Assume that's for a later diff, though.)

Requesting changes for this:

The reason this diff is titled [DRAFT] is because of the way we're calling olm.init() and new olm.Utility() every time logInResponder encounters a request with signedIdentityKeysBlob. Instead we'll want to probably run olm.init() once when keyserver starts up, and we'll want to instantiate olm.Utility() once and make it accessible globally.

We could probably just have a function getOlmUtility that returns a Promise that does lines 345 and 346 here, and caches the result.

This revision now requires changes to proceed.Feb 26 2023, 5:49 AM

We could probably just have a function getOlmUtility that returns a Promise that does lines 345 and 346 here, and caches the result.

I'll need to make sure there that await olm.init(); is "idempotent" and there aren't any issues with calling it multiple times. Just want to make sure in the case where the keyserver gets multiple siwe_auth requests at the same time that calling await olm.init() simultaneously/multiple times doesn't break anything.

atul requested review of this revision.Feb 27 2023, 1:27 PM
atul retitled this revision from [DRAFT] Verify `signedIdentityKeysBlob` signature in `logInResponder` to [keyserver] Verify `signedIdentityKeysBlob` signature in `logInResponder`.
atul edited the summary of this revision. (Show Details)

The reason this diff is titled [DRAFT] is because of the way we're calling olm.init() and new olm.Utility() every time logInResponder encounters a request with signedIdentityKeysBlob. Instead we'll want to probably run olm.init() once when keyserver starts up, and we'll want to instantiate olm.Utility() once and make it accessible globally.

Doing this in separate diff (think it is "separate unit of work" and should be reviewed separately). I'll link here, but this can be landed without issue.

In D6897#205149, @atul wrote:

We could probably just have a function getOlmUtility that returns a Promise that does lines 345 and 346 here, and caches the result.

I'll need to make sure there that await olm.init(); is "idempotent" and there aren't any issues with calling it multiple times. Just want to make sure in the case where the keyserver gets multiple siwe_auth requests at the same time that calling await olm.init() simultaneously/multiple times doesn't break anything.

Ah yeah I get what you mean. You could address this by storing the promise in some variable, and then checking if the variable is already set with the promise. If so you would return the existing promise, if not you could call olm.init() to get the promise and set it.

The core thing here is to avoid passing the promise to await before doing the caching... that's what introduces the possibility of a race.

this can be landed without issue

Did you test calling await olm.init() multiple times?

this can be landed without issue

Did you test calling await olm.init() multiple times?

Yup:

1f0cd0.png (1×2 px, 391 KB)

This revision is now accepted and ready to land.Feb 27 2023, 1:41 PM
This revision was landed with ongoing or failed builds.Feb 27 2023, 3:15 PM
This revision was automatically updated to reflect the committed changes.