[keyserver] Verify `signedIdentityKeysBlob` signature in `logInResponder`
ClosedPublic
Actions

Authored by atul on Feb 25 2023, 1:18 AM.

Details

Reviewers

ashoat
tomek

Commits

rCOMM76c64df43f92: [keyserver] Verify `signedIdentityKeysBlob` signature in `logInResponder`

Summary

Pass primaryIdentityPublicKeys.ed25519, signedIdentityKeysBlob.payload and signedIdentityKeysBlob.signature to olmUtil.ed25519_verify(...) to ensure that the signature is valid.

Depends on D6896

Test Plan

I tested with a valid signature and observed that ed25519_verify(...) succeeded. I tested with an invalid signature ("blah"), and observed that olmUtil.ed25519(...) threw an exception.

Diff Detail

Repository

rCOMM Comm

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

atul created this revision.Feb 25 2023, 1:18 AM

atul added inline comments.Feb 25 2023, 1:31 AM

keyserver/src/responders/user-responders.js
345 ↗	(On Diff #23097)	Need to move this to when `keyserver` starts up (IIRC `olm.init()` loads the `wasm`?)
346 ↗	(On Diff #23097)	And we should instantiate this object once and make it accessible "globally."

Harbormaster completed remote builds in B16906: Diff 23097.Feb 25 2023, 1:34 AM

atul requested review of this revision.Feb 25 2023, 1:34 AM

Nice! After this verification step, we should then JSON.parse(signedIdentityKeysBlob.payload) and run the result through an input validator. Then we'll be ready to store them in the DB. (Assume that's for a later diff, though.)

Requesting changes for this:

The reason this diff is titled [DRAFT] is because of the way we're calling olm.init() and new olm.Utility() every time logInResponder encounters a request with signedIdentityKeysBlob. Instead we'll want to probably run olm.init() once when keyserver starts up, and we'll want to instantiate olm.Utility() once and make it accessible globally.

We could probably just have a function getOlmUtility that returns a Promise that does lines 345 and 346 here, and caches the result.

This revision now requires changes to proceed.Feb 26 2023, 5:49 AM

We could probably just have a function getOlmUtility that returns a Promise that does lines 345 and 346 here, and caches the result.

I'll need to make sure there that await olm.init(); is "idempotent" and there aren't any issues with calling it multiple times. Just want to make sure in the case where the keyserver gets multiple siwe_auth requests at the same time that calling await olm.init() simultaneously/multiple times doesn't break anything.

The reason this diff is titled [DRAFT] is because of the way we're calling olm.init() and new olm.Utility() every time logInResponder encounters a request with signedIdentityKeysBlob. Instead we'll want to probably run olm.init() once when keyserver starts up, and we'll want to instantiate olm.Utility() once and make it accessible globally.

Doing this in separate diff (think it is "separate unit of work" and should be reviewed separately). I'll link here, but this can be landed without issue.

In D6897#205149, @atul wrote:

We could probably just have a function getOlmUtility that returns a Promise that does lines 345 and 346 here, and caches the result.

I'll need to make sure there that await olm.init(); is "idempotent" and there aren't any issues with calling it multiple times. Just want to make sure in the case where the keyserver gets multiple siwe_auth requests at the same time that calling await olm.init() simultaneously/multiple times doesn't break anything.

Ah yeah I get what you mean. You could address this by storing the promise in some variable, and then checking if the variable is already set with the promise. If so you would return the existing promise, if not you could call olm.init() to get the promise and set it.

The core thing here is to avoid passing the promise to await before doing the caching... that's what introduces the possibility of a race.