diff --git a/services/identity/src/database.rs b/services/identity/src/database.rs --- a/services/identity/src/database.rs +++ b/services/identity/src/database.rs @@ -102,6 +102,7 @@ signing_public_key: Option, registration: Option>, username: Option, + session_initialization_info: Option<&HashMap>, ) -> Result { let mut update_expression_parts = Vec::new(); let mut expression_attribute_names = HashMap::new(); @@ -129,8 +130,15 @@ format!("#{}", USERS_TABLE_DEVICES_MAP_ATTRIBUTE_NAME), public_key, ); + let device_info = match session_initialization_info { + Some(info) => info + .iter() + .map(|(k, v)| (k.to_string(), AttributeValue::S(v.to_string()))) + .collect(), + None => HashMap::new(), + }; expression_attribute_values - .insert(":k".to_string(), AttributeValue::M(HashMap::new())); + .insert(":k".to_string(), AttributeValue::M(device_info)); }; self @@ -164,7 +172,14 @@ registration: ServerRegistration, username: String, signing_public_key: String, + session_initialization_info: &HashMap, ) -> Result { + let device_info: HashMap = + session_initialization_info + .iter() + .map(|(k, v)| (k.to_string(), AttributeValue::S(v.to_string()))) + .collect(); + let item = HashMap::from([ ( USERS_TABLE_PARTITION_KEY.to_string(), @@ -182,7 +197,7 @@ USERS_TABLE_DEVICES_ATTRIBUTE.to_string(), AttributeValue::M(HashMap::from([( signing_public_key, - AttributeValue::M(HashMap::new()), + AttributeValue::M(device_info), )])), ), ]); diff --git a/services/identity/src/service.rs b/services/identity/src/service.rs --- a/services/identity/src/service.rs +++ b/services/identity/src/service.rs @@ -386,6 +386,12 @@ Some(wallet_login_request.signing_public_key.clone()), None, None, + Some( + &wallet_login_request + .session_initialization_info + .ok_or_else(|| Status::invalid_argument("Invalid message"))? + .info, + ), ) .await .map_err(handle_db_error)?; @@ -461,6 +467,7 @@ pake_credential_finalization: &[u8], rng: &mut (impl Rng + CryptoRng), pake_workflow: PakeWorkflow, + session_initialization_info: &HashMap, ) -> Result { if user_id.is_empty() || signing_public_key.is_empty() { error!( @@ -491,6 +498,7 @@ Some(signing_public_key.to_string()), None, None, + Some(session_initialization_info), ) .await .map_err(handle_db_error)?; @@ -545,6 +553,7 @@ server_registration: Option>, username: &str, signing_public_key: &str, + session_initialization_info: &HashMap, ) -> Result<(), Status> { if user_id.is_empty() { error!("Incomplete data: user ID not provided"); @@ -574,6 +583,7 @@ server_registration_finish_result, username.to_string(), signing_public_key.to_string(), + session_initialization_info, ) .await { diff --git a/services/identity/src/service/login.rs b/services/identity/src/service/login.rs --- a/services/identity/src/service/login.rs +++ b/services/identity/src/service/login.rs @@ -3,6 +3,7 @@ user_id: String, signing_public_key: String, pake_state: ServerLogin, + session_initialization_info: HashMap, } pub async fn handle_login_request( message: Option>, @@ -50,6 +51,10 @@ signing_public_key: pake_credential_request_and_user_id .signing_public_key, pake_state: response_and_state.pake_state, + session_initialization_info: pake_credential_request_and_user_id + .session_initialization_info + .ok_or_else(|| Status::invalid_argument("Invalid message"))? + .info, })) } Some(_) | None => Err(Status::aborted("failure")), @@ -77,6 +82,7 @@ &pake_credential_finalization, &mut OsRng, PakeWorkflow::Login, + &login_state.session_initialization_info, ) .await .map(|pake_login_response| LoginResponse { diff --git a/services/identity/src/service/registration.rs b/services/identity/src/service/registration.rs --- a/services/identity/src/service/registration.rs +++ b/services/identity/src/service/registration.rs @@ -4,6 +4,7 @@ username: String, signing_public_key: String, pub pake_state: Option>, + session_initialization_info: HashMap, } pub async fn handle_registration_request( @@ -51,6 +52,10 @@ signing_public_key: pake_registration_request_and_user_id .signing_public_key, pake_state: Some(response_and_state.pake_state), + session_initialization_info: pake_registration_request_and_user_id + .session_initialization_info + .ok_or_else(|| Status::invalid_argument("Invalid message"))? + .info, }) } None | Some(_) => Err(Status::aborted("failure")), @@ -79,6 +84,7 @@ Some(pake_state), ®istration_state.username, ®istration_state.signing_public_key, + ®istration_state.session_initialization_info, ) .await { @@ -130,6 +136,7 @@ &pake_credential_finalization, &mut OsRng, PakeWorkflow::Registration, + ®istration_state.session_initialization_info, ) .await .map(|pake_login_response| RegistrationResponse { diff --git a/shared/protos/identity.proto b/shared/protos/identity.proto --- a/shared/protos/identity.proto +++ b/shared/protos/identity.proto @@ -37,6 +37,9 @@ // Message sent to initiate PAKE registration (step 1) bytes pakeRegistrationRequest = 3; string username = 4; + // Information specific to a user's device needed to open a new channel of + // communication with this user + SessionInitializationInfo sessionInitializationInfo = 5; } message PakeCredentialRequestAndUserID { @@ -45,6 +48,9 @@ string signingPublicKey = 2; // Message sent to initiate PAKE login (step 1) bytes pakeCredentialRequest = 3; + // Information specific to a user's device needed to open a new channel of + // communication with this user + SessionInitializationInfo sessionInitializationInfo = 4; } message PakeLoginRequest { @@ -79,6 +85,9 @@ string signingPublicKey = 2; string siweMessage = 3; bytes siweSignature = 4; + // Information specific to a user's device needed to open a new channel of + // communication with this user + SessionInitializationInfo sessionInitializationInfo = 5; } message WalletLoginResponse {