diff --git a/native/android/app/CMakeLists.txt b/native/android/app/CMakeLists.txt
--- a/native/android/app/CMakeLists.txt
+++ b/native/android/app/CMakeLists.txt
@@ -43,15 +43,15 @@
 set(Rust_CARGO_TARGET armv7-linux-androideabi)
 endif()
-string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} CMAKE_HOST_SYSTEM_NAME_LOWER)
-set(_toolchain_path
- "$ENV{ANDROID_HOME}/ndk/${NDK_VERSION}/toolchains/llvm/prebuilt/${CMAKE_HOST_SYSTEM_NAME_LOWER}-x86_64/bin"
-)
-if(EXISTS "${_toolchain_path}/${Rust_CARGO_TARGET}-ar")
- set(AR "${_toolchain_path}/${Rust_CARGO_TARGET}-ar")
-else()
- set(AR "${_toolchain_path}/llvm-ar")
-endif()
+#string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} CMAKE_HOST_SYSTEM_NAME_LOWER)
+#set(_toolchain_path
+# "$ENV{ANDROID_HOME}/ndk/${NDK_VERSION}/toolchains/llvm/prebuilt/${CMAKE_HOST_SYSTEM_NAME_LOWER}-x86_64/bin"
+#)
+#if(EXISTS "${_toolchain_path}/${Rust_CARGO_TARGET}-ar")
+# set(AR "${_toolchain_path}/${Rust_CARGO_TARGET}-ar")
+#else()
+# set(AR "${_toolchain_path}/llvm-ar")
+#endif()
 FetchContent_Declare(
 Corrosion
diff --git a/native/native_rust_library/Cargo.lock b/native/native_rust_library/Cargo.lock
--- a/native/native_rust_library/Cargo.lock
+++ b/native/native_rust_library/Cargo.lock
@@ -111,6 +111,12 @@
 "tower-service",
 ]
+[[package]]
+name = "base16ct"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce"
 [[package]]
 name = "base64"
 version = "0.13.0"
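Review bot: The NDK toolchain lookup is commented out (the `+#string(...)` through `+#endif()` lines) rather than deleted, which leaves nine lines of dead CMake that will drift from whatever replaces them; version control already keeps the old version, so the `+#` lines should simply be removed. If `AR` was consumed further down this file (for example passed to Corrosion or cargo for the armv7 target), that consumer now reads an unset variable, which this hunk does not show and is worth confirming before merging. The `if()` block that sets `Rust_CARGO_TARGET` begins outside the hunk.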
@@ -140,21 +146,18 @@ [[package]] name = "block-buffer" -version = "0.9.0" +version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" +checksum = "69cce20737498f97b993470a6e536b8523f0af7892a4f928cceb1ac5e52ebe7e" dependencies = [ "generic-array", ] [[package]] -name = "block-buffer" -version = "0.10.3" +name = "bumpalo" +version = "3.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69cce20737498f97b993470a6e536b8523f0af7892a4f928cceb1ac5e52ebe7e" -dependencies = [ - "generic-array", -] +checksum = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535" [[package]] name = "byteorder" @@ -191,16 +194,23 @@ ] [[package]] -name = "comm-opaque" -version = "0.1.0" +name = "comm-opaque2" +version = "0.2.0" dependencies = [ "argon2", - "curve25519-dalek", - "digest 0.9.0", - "opaque-ke", - "sha2", + "log", + "opaque-ke 2.0.0", + "rand", + "tonic", + "wasm-bindgen", ] +[[package]] +name = "const-oid" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "520fbf3c07483f94e3e3ca9d0cfd913d7718ef2483d2cfd91c0d9e91474ab913" + [[package]] name = "constant_time_eq" version = "0.1.5" @@ -216,6 +226,18 @@ "libc", ] +[[package]] +name = "crypto-bigint" +version = "0.4.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef" +dependencies = [ + "generic-array", + "rand_core 0.6.4", + "subtle", + "zeroize", +] + [[package]] name = "crypto-common" version = "0.1.6" 
@@ -238,9 +260,9 @@ [[package]] name = "curve25519-dalek" -version = "3.2.1" +version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90f9d052967f590a76e62eb387bd0bbb1b000182c3cefe5364db6b7211651bc0" +checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61" dependencies = [ "byteorder", "digest 0.9.0", @@ -249,6 +271,19 @@ "zeroize", ] +[[package]] +name = "curve25519-dalek" +version = "4.0.0-pre.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4033478fbf70d6acf2655ac70da91ee65852d69daf7a67bf7a2f518fb47aafcf" +dependencies = [ + "byteorder", + "digest 0.9.0", + "rand_core 0.6.4", + "subtle", + "zeroize", +] + [[package]] name = "cxx" version = "1.0.75" @@ -293,6 +328,26 @@ "syn", ] +[[package]] +name = "der" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de" +dependencies = [ + "const-oid", +] + +[[package]] +name = "derive-where" +version = "1.0.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d322f2907b2abad3117790c1a54d8f2d64574ba0fbea54cb6c6e66a0e50d99a4" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "digest" version = "0.9.0" @@ -308,7 +363,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "adfbc57365a37acbd2ebf2b64d7e69bb766e2fea813521ed536f5d0520dcf86c" dependencies = [ - "block-buffer 0.10.3", + "block-buffer", "crypto-common", "subtle", ] 
@@ -330,6 +385,25 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "90e5c1c8368803113bf0c9584fc495a58b86dc8a29edbf8fe877d21d9507e797" +[[package]] +name = "elliptic-curve" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3" +dependencies = [ + "base16ct", + "crypto-bigint", + "der", + "digest 0.10.5", + "ff", + "generic-array", + "group", + "rand_core 0.6.4", + "sec1", + "subtle", + "zeroize", +] + [[package]] name = "fastrand" version = "1.8.0" @@ -339,6 +413,16 @@ "instant", ] +[[package]] +name = "ff" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160" +dependencies = [ + "rand_core 0.6.4", + "subtle", +] + [[package]] name = "fixedbitset" version = "0.4.2" @@ -396,30 +480,31 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9" dependencies = [ + "serde", "typenum", "version_check", ] [[package]] name = "getrandom" -version = "0.1.16" +version = "0.2.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce" +checksum = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6" dependencies = [ "cfg-if", "libc", - "wasi 0.9.0+wasi-snapshot-preview1", + "wasi", ] [[package]] -name = "getrandom" -version = "0.2.7" +name = "group" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6" +checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" dependencies = [ - "cfg-if", - "libc", - "wasi 0.11.0+wasi-snapshot-preview1", + "ff", + "rand_core 0.6.4", + "subtle", ] [[package]] 
@@ -469,7 +554,16 @@ checksum = "01706d578d5c281058480e673ae4086a9f4710d8df1ad80a5b03e39ece5f886b" dependencies = [ "digest 0.9.0", - "hmac", + "hmac 0.11.0", +] + +[[package]] +name = "hkdf" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "791a029f6b9fc27657f6f188ec6e5e43f6911f6f878e0dc5501396e09809d437" +dependencies = [ + "hmac 0.12.1", ] [[package]] @@ -482,6 +576,15 @@ "digest 0.9.0", ] +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest 0.10.5", +] + [[package]] name = "http" version = "0.2.8" @@ -648,7 +751,7 @@ dependencies = [ "libc", "log", - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi", "windows-sys 0.36.1", ] @@ -662,11 +765,11 @@ name = "native_rust_library" version = "0.1.0" dependencies = [ - "comm-opaque", + "comm-opaque2", "cxx", "cxx-build", "lazy_static", - "opaque-ke", + "opaque-ke 1.2.0", "prost", "rand", "regex", @@ -693,12 +796,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0" -[[package]] -name = "opaque-debug" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" - [[package]] name = "opaque-ke" version = "1.2.0" 
@@ -706,14 +803,36 @@ checksum = "f25e5f1be61b7a94f388368a24739318fe4edd2b841d20d7077a422a5391e22f" dependencies = [ "constant_time_eq", - "curve25519-dalek", + "curve25519-dalek 3.2.0", "digest 0.9.0", "displaydoc", "generic-array", - "hkdf", - "hmac", + "hkdf 0.11.0", + "hmac 0.11.0", + "rand", + "subtle", + "zeroize", +] + +[[package]] +name = "opaque-ke" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76d410412d23781909d90c3900c5783e830586765f2277bccc78167da8af81a5" +dependencies = [ + "argon2", + "curve25519-dalek 4.0.0-pre.1", + "derive-where", + "digest 0.10.5", + "displaydoc", + "elliptic-curve", + "generic-array", + "hkdf 0.12.3", + "hmac 0.12.1", "rand", + "serde", "subtle", + "voprf", "zeroize", ] @@ -889,9 +1008,6 @@ version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" -dependencies = [ - "getrandom 0.1.16", -] [[package]] name = "rand_core" @@ -899,7 +1015,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" dependencies = [ - "getrandom 0.2.7", + "getrandom", ] [[package]] 
@@ -943,23 +1059,48 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8132065adcfd6e02db789d9285a0deb2f3fcb04002865ab67d5fb103533898" +[[package]] +name = "sec1" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928" +dependencies = [ + "base16ct", + "der", + "generic-array", + "subtle", + "zeroize", +] + [[package]] name = "serde" version = "1.0.144" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0f747710de3dcd43b88c9168773254e809d8ddbdf9653b84e2554ab219f17860" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.144" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94ed3a816fb1d101812f83e789f888322c34e291f894f19590dc310963e87a00" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] [[package]] name = "sha2" -version = "0.9.9" +version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" +checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0" dependencies = [ - "block-buffer 0.9.0", "cfg-if", "cpufeatures", - "digest 0.9.0", - "opaque-debug", + "digest 0.10.5", ] [[package]] @@ -1278,6 +1419,25 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" +[[package]] +name = "voprf" +version = "0.4.0-pre.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "081acbe8fcf05d5e8e2aad8ef3d40e02eddeaec07c75a9770d862a0fc0874322" +dependencies = [ + "curve25519-dalek 4.0.0-pre.1", + "derive-where", + "digest 0.10.5", + "displaydoc", + "elliptic-curve", + "generic-array", + "rand_core 0.6.4", + "serde", + "sha2", + "subtle", + "zeroize", +] + [[package]] name = "want" version = "0.3.0" 
@@ -1290,15 +1450,63 @@ [[package]] name = "wasi" -version = "0.9.0+wasi-snapshot-preview1" +version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] -name = "wasi" -version = "0.11.0+wasi-snapshot-preview1" +name = "wasm-bindgen" +version = "0.2.84" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +checksum = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b" +dependencies = [ + "cfg-if", + "wasm-bindgen-macro", +] + +[[package]] +name = "wasm-bindgen-backend" +version = "0.2.84" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9" +dependencies = [ + "bumpalo", + "log", + "once_cell", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.84" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.84" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.84" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d" [[package]] name = "which" 
@@ -1444,9 +1652,9 @@
 [[package]]
 name = "zeroize"
-version = "1.3.0"
+version = "1.5.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4756f7db3f7b5574938c3eb1c117038b8e07f95ee6718c0efad4ac21508f1efd"
+checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f"
 dependencies = [
 "zeroize_derive",
 ]
diff --git a/native/native_rust_library/Cargo.toml b/native/native_rust_library/Cargo.toml
--- a/native/native_rust_library/Cargo.toml
+++ b/native/native_rust_library/Cargo.toml
@@ -17,7 +17,7 @@
 opaque-ke = "1.2"
 tracing = "0.1"
 regex = "1.6"
-comm-opaque = {path = "../../shared/comm-opaque"}
+comm-opaque2 = {path = "../../shared/comm-opaque2"}
 [build-dependencies]
 cxx-build = "1.0"
diff --git a/native/native_rust_library/build.rs b/native/native_rust_library/build.rs
--- a/native/native_rust_library/build.rs
+++ b/native/native_rust_library/build.rs
@@ -3,7 +3,7 @@
 .build_server(false)
 .compile(
 &[
- "../../shared/protos/identity.proto",
+ "../../shared/protos/identity_client.proto",
 "../../shared/protos/tunnelbroker.proto",
 ],
 &["../../shared/protos"],
@@ -13,6 +13,4 @@
 cxx_build::bridge("src/lib.rs").flag_if_supported("-std=c++17");
 println!("cargo:rerun-if-changed=src/lib.rs");
- println!("cargo:rerun-if-changed=../../shared/protos/identity.proto");
- println!("cargo:rerun-if-changed=../../shared/protos/tunnelbroker.proto");
 }
diff --git a/native/native_rust_library/src/identity_client.rs b/native/native_rust_library/src/identity_client.rs
--- a/native/native_rust_library/src/identity_client.rs
+++ b/native/native_rust_library/src/identity_client.rs
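Review bot: The direct `opaque-ke = "1.2"` dependency at the top of the hunk looks stale now that the crate pulls in `comm-opaque2`, which brings `opaque-ke 2.0.0` with it: identity_client.rs in this same commit drops every `opaque_ke` import, so unless lib.rs or another module still uses the 1.x API, two versions of the PAKE crate (and, per the lockfile hunks, both `curve25519-dalek 3.2.0` and `4.0.0-pre.1`) are compiled into the native library for no benefit. Removing the `opaque-ke = "1.2"` line leaves a single OPAQUE implementation to audit and shrinks the dependency surface; confirm there is no remaining use elsewhere in the crate first.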
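Review bot: Deleting the two `cargo:rerun-if-changed` lines for the proto files means an edit to `identity_client.proto` or `tunnelbroker.proto` no longer triggers a rebuild of the generated gRPC code: because the script still emits `cargo:rerun-if-changed=src/lib.rs`, cargo reruns it only when that one file changes, and the protos live outside the package directory in any case. Stale bindings would then surface as runtime mismatches against the service rather than as a build error. Keep both lines and update the first for the rename made in the earlier hunk: `println!("cargo:rerun-if-changed=../../shared/protos/identity_client.proto");` and `println!("cargo:rerun-if-changed=../../shared/protos/tunnelbroker.proto");`.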
@@ -1,501 +1,32 @@ -use opaque_ke::{ - ClientLogin, ClientLoginFinishParameters, ClientLoginStartParameters, - ClientLoginStartResult, ClientRegistration, - ClientRegistrationFinishParameters, CredentialFinalization, - CredentialResponse, RegistrationResponse, RegistrationUpload, -}; -use rand::{rngs::OsRng, CryptoRng, Rng}; -use tokio::sync::mpsc; -use tokio_stream::wrappers::ReceiverStream; -use tonic::{Request, Status}; -use tracing::error; +use tonic::Status; -use crate::identity::{ - login_request::Data::PakeLoginRequest, - login_request::Data::WalletLoginRequest, - login_response::Data::PakeLoginResponse as LoginPakeLoginResponse, - login_response::Data::WalletLoginResponse, - pake_login_request::Data::PakeCredentialFinalization as LoginPakeCredentialFinalization, - pake_login_request::Data::PakeCredentialRequestAndUserId, - pake_login_response::Data::AccessToken, - pake_login_response::Data::PakeCredentialResponse, - registration_request::Data::PakeCredentialFinalization as RegistrationPakeCredentialFinalization, - registration_request::Data::PakeRegistrationRequestAndUserId, - registration_request::Data::PakeRegistrationUploadAndCredentialRequest, - registration_response::Data::PakeLoginResponse as RegistrationPakeLoginResponse, - registration_response::Data::PakeRegistrationResponse, GetUserIdRequest, - LoginRequest, LoginResponse, - PakeCredentialRequestAndUserId as PakeCredentialRequestAndUserIdStruct, - PakeLoginRequest as PakeLoginRequestStruct, - PakeLoginResponse as PakeLoginResponseStruct, - PakeRegistrationRequestAndUserId as PakeRegistrationRequestAndUserIdStruct, - PakeRegistrationUploadAndCredentialRequest as PakeRegistrationUploadAndCredentialRequestStruct, - RegistrationRequest, RegistrationResponse as RegistrationResponseMessage, - VerifyUserTokenRequest, WalletLoginRequest as WalletLoginRequestStruct, - WalletLoginResponse as WalletLoginResponseStruct, -}; use crate::IdentityClient; -use comm_opaque::Cipher; - -pub async fn get_user_id( - 
mut client: Box, - auth_type: i32, - user_info: String, -) -> Result { - Ok( - client - .identity_client - .get_user_id(GetUserIdRequest { - auth_type, - user_info, - }) - .await? - .into_inner() - .user_id, - ) -} - -pub async fn verify_user_token( - mut client: Box, - user_id: String, - signing_public_key: String, - access_token: String, -) -> Result { - Ok( - client - .identity_client - .verify_user_token(VerifyUserTokenRequest { - user_id, - signing_public_key, - access_token, - }) - .await? - .into_inner() - .token_valid, - ) -} pub async fn register_user( - mut client: Box, - user_id: String, - signing_public_key: String, - username: String, - password: String, + mut _client: Box, + _user_id: String, + _signing_public_key: String, + _username: String, + _password: String, ) -> Result { - // Create a RegistrationRequest channel and use ReceiverStream to turn the - // MPSC receiver into a Stream for outbound messages - let (tx, rx) = mpsc::channel(1); - let stream = ReceiverStream::new(rx); - let request = Request::new(stream); - - // `response` is the Stream for inbound messages - let mut response = client - .identity_client - .register_user(request) - .await? 
- .into_inner(); - - // Start PAKE registration on client and send initial registration request - // to Identity service - let mut client_rng = OsRng; - let (registration_request, client_registration) = pake_registration_start( - &mut client_rng, - user_id, - &password, - signing_public_key, - username, - )?; - if let Err(e) = tx.send(registration_request).await { - error!("Response was dropped: {}", e); - return Err(Status::aborted("Dropped response")); - } - - // Handle responses from Identity service sequentially, making sure we get - // messages in the correct order - - // Finish PAKE registration and begin PAKE login; send the final - // registration request and initial login request together to reduce the - // number of trips - let message = response.message().await?; - let client_login = handle_registration_response( - message, - &mut client_rng, - client_registration, - &password, - tx.clone(), - ) - .await?; - - // Finish PAKE login; send final login request to Identity service - let message = response.message().await?; - handle_registration_credential_response(message, client_login, tx).await?; - - // Return access token - let message = response.message().await?; - handle_registration_token_response(message) + unimplemented!(); } pub async fn login_user_pake( - mut client: Box, - user_id: String, - signing_public_key: String, - password: String, + mut _client: Box, + _user_id: String, + _signing_public_key: String, + _password: String, ) -> Result { - // Create a LoginRequest channel and use ReceiverStream to turn the - // MPSC receiver into a Stream for outbound messages - let (tx, rx) = mpsc::channel(1); - let stream = ReceiverStream::new(rx); - let request = Request::new(stream); - - // `response` is the Stream for inbound messages - let mut response = client - .identity_client - .login_user(request) - .await? 
- .into_inner(); - - // Start PAKE login on client and send initial login request to Identity - // service - let mut client_rng = OsRng; - let client_login_start_result = pake_login_start(&mut client_rng, &password)?; - let login_request = LoginRequest { - data: Some(PakeLoginRequest(PakeLoginRequestStruct { - data: Some(PakeCredentialRequestAndUserId( - PakeCredentialRequestAndUserIdStruct { - user_id, - signing_public_key, - pake_credential_request: client_login_start_result - .message - .serialize() - .map_err(|e| { - error!("Could not serialize credential request: {}", e); - Status::failed_precondition("PAKE failure") - })?, - // Todo: provide actual session initialization info - session_initialization_info: None, - }, - )), - })), - }; - if let Err(e) = tx.send(login_request).await { - error!("Response was dropped: {}", e); - return Err(Status::aborted("Dropped response")); - } - - // Handle responses from Identity service sequentially, making sure we get - // messages in the correct order - - // Finish PAKE login; send final login request to Identity service - let message = response.message().await?; - handle_login_credential_response( - message, - client_login_start_result.state, - tx, - ) - .await?; - - // Return access token - let message = response.message().await?; - handle_login_token_response(message) + unimplemented!(); } pub async fn login_user_wallet( - mut client: Box, - user_id: String, - signing_public_key: String, - siwe_message: String, - siwe_signature: String, + mut _client: Box, + _user_id: String, + _signing_public_key: String, + _siwe_message: String, + _siwe_signature: String, ) -> Result { - // Create a LoginRequest channel and use ReceiverStream to turn the - // MPSC receiver into a Stream for outbound messages - let (tx, rx) = mpsc::channel(1); - let stream = ReceiverStream::new(rx); - let request = Request::new(stream); - - // `response` is the Stream for inbound messages - let mut response = client - .identity_client - 
.login_user(request) - .await? - .into_inner(); - - // Start wallet login on client and send initial login request to Identity - // service - let login_request = LoginRequest { - data: Some(WalletLoginRequest(WalletLoginRequestStruct { - user_id, - signing_public_key, - siwe_message, - siwe_signature, - // Todo: provide actual session initialization info - session_initialization_info: None, - })), - }; - if let Err(e) = tx.send(login_request).await { - error!("Response was dropped: {}", e); - return Err(Status::aborted("Dropped response")); - } - - // Return access token - let message = response.message().await?; - handle_wallet_login_response(message) -} - -fn pake_registration_start( - rng: &mut (impl Rng + CryptoRng), - user_id: String, - password: &str, - signing_public_key: String, - username: String, -) -> Result<(RegistrationRequest, ClientRegistration), Status> { - let client_registration_start_result = - ClientRegistration::::start(rng, password.as_bytes()).map_err( - |e| { - error!("Failed to start PAKE registration: {}", e); - Status::failed_precondition("PAKE failure") - }, - )?; - let pake_registration_request = - client_registration_start_result.message.serialize(); - Ok(( - RegistrationRequest { - data: Some(PakeRegistrationRequestAndUserId( - PakeRegistrationRequestAndUserIdStruct { - user_id, - signing_public_key, - pake_registration_request, - username, - // Todo: provide actual session initialization info - session_initialization_info: None, - }, - )), - }, - client_registration_start_result.state, - )) -} - -fn pake_registration_finish( - rng: &mut (impl Rng + CryptoRng), - registration_response_bytes: &[u8], - client_registration: ClientRegistration, -) -> Result, Status> { - client_registration - .finish( - rng, - RegistrationResponse::deserialize(registration_response_bytes).map_err( - |e| { - error!("Could not deserialize registration response bytes: {}", e); - Status::aborted("Invalid response bytes") - }, - )?, - 
ClientRegistrationFinishParameters::default(), - ) - .map_err(|e| { - error!("Failed to finish PAKE registration: {}", e); - Status::aborted("PAKE failure") - }) - .map(|res| res.message) -} - -fn pake_login_start( - rng: &mut (impl Rng + CryptoRng), - password: &str, -) -> Result, Status> { - ClientLogin::::start( - rng, - password.as_bytes(), - ClientLoginStartParameters::default(), - ) - .map_err(|e| { - error!("Failed to start PAKE login: {}", e); - Status::failed_precondition("PAKE failure") - }) -} - -fn pake_login_finish( - credential_response_bytes: &[u8], - client_login: ClientLogin, -) -> Result, Status> { - client_login - .finish( - CredentialResponse::deserialize(credential_response_bytes).map_err( - |e| { - error!("Could not deserialize credential response bytes: {}", e); - Status::aborted("Invalid response bytes") - }, - )?, - ClientLoginFinishParameters::default(), - ) - .map_err(|e| { - error!("Failed to finish PAKE login: {}", e); - Status::aborted("PAKE failure") - }) - .map(|res| res.message) -} - -fn handle_unexpected_response( - message: Option, -) -> Status { - error!("Received an unexpected message: {:?}", message); - Status::invalid_argument("Invalid response data") -} - -async fn handle_registration_response( - message: Option, - client_rng: &mut (impl Rng + CryptoRng), - client_registration: ClientRegistration, - password: &str, - tx: mpsc::Sender, -) -> Result, Status> { - if let Some(RegistrationResponseMessage { - data: Some(PakeRegistrationResponse(registration_response_bytes)), - .. - }) = message - { - let pake_registration_upload = pake_registration_finish( - client_rng, - ®istration_response_bytes, - client_registration, - )? 
- .serialize(); - let client_login_start_result = pake_login_start(client_rng, password)?; - - // `registration_request` is a gRPC message containing serialized bytes to - // complete PAKE registration and begin PAKE login - let registration_request = RegistrationRequest { - data: Some(PakeRegistrationUploadAndCredentialRequest( - PakeRegistrationUploadAndCredentialRequestStruct { - pake_registration_upload, - pake_credential_request: client_login_start_result - .message - .serialize() - .map_err(|e| { - error!("Could not serialize credential request: {}", e); - Status::failed_precondition("PAKE failure") - })?, - }, - )), - }; - if let Err(e) = tx.send(registration_request).await { - error!("Response was dropped: {}", e); - return Err(Status::aborted("Dropped response")); - } - Ok(client_login_start_result.state) - } else { - Err(handle_unexpected_response(message)) - } -} - -async fn handle_registration_credential_response( - message: Option, - client_login: ClientLogin, - tx: mpsc::Sender, -) -> Result<(), Status> { - if let Some(RegistrationResponseMessage { - data: - Some(RegistrationPakeLoginResponse(PakeLoginResponseStruct { - data: Some(PakeCredentialResponse(credential_response_bytes)), - })), - }) = message - { - let registration_request = RegistrationRequest { - data: Some(RegistrationPakeCredentialFinalization( - pake_login_finish(&credential_response_bytes, client_login)? 
- .serialize() - .map_err(|e| { - error!("Could not serialize credential request: {}", e); - Status::failed_precondition("PAKE failure") - })?, - )), - }; - send_to_mpsc(tx, registration_request).await - } else { - Err(handle_unexpected_response(message)) - } -} - -async fn handle_login_credential_response( - message: Option, - client_login: ClientLogin, - tx: mpsc::Sender, -) -> Result<(), Status> { - if let Some(LoginResponse { - data: - Some(LoginPakeLoginResponse(PakeLoginResponseStruct { - data: Some(PakeCredentialResponse(credential_response_bytes)), - })), - }) = message - { - let login_request = LoginRequest { - data: Some(PakeLoginRequest(PakeLoginRequestStruct { - data: Some(LoginPakeCredentialFinalization( - pake_login_finish(&credential_response_bytes, client_login)? - .serialize() - .map_err(|e| { - error!("Could not serialize credential request: {}", e); - Status::failed_precondition("PAKE failure") - })?, - )), - })), - }; - send_to_mpsc(tx, login_request).await - } else { - Err(handle_unexpected_response(message)) - } -} - -fn handle_registration_token_response( - message: Option, -) -> Result { - if let Some(RegistrationResponseMessage { - data: - Some(RegistrationPakeLoginResponse(PakeLoginResponseStruct { - data: Some(AccessToken(access_token)), - })), - }) = message - { - Ok(access_token) - } else { - Err(handle_unexpected_response(message)) - } -} - -fn handle_login_token_response( - message: Option, -) -> Result { - if let Some(LoginResponse { - data: - Some(LoginPakeLoginResponse(PakeLoginResponseStruct { - data: Some(AccessToken(access_token)), - })), - }) = message - { - Ok(access_token) - } else { - Err(handle_unexpected_response(message)) - } -} - -fn handle_wallet_login_response( - message: Option, -) -> Result { - if let Some(LoginResponse { - data: Some(WalletLoginResponse(WalletLoginResponseStruct { access_token })), - }) = message - { - Ok(access_token) - } else { - Err(handle_unexpected_response(message)) - } -} - -async fn 
send_to_mpsc(
- tx: mpsc::Sender,
- request: T,
-) -> Result<(), Status> {
- if let Err(e) = tx.send(request).await {
- error!("Response was dropped: {}", e);
- return Err(Status::aborted("Dropped response"));
- }
- Ok(())
+ unimplemented!();
 }
diff --git a/native/native_rust_library/src/lib.rs b/native/native_rust_library/src/lib.rs
--- a/native/native_rust_library/src/lib.rs
+++ b/native/native_rust_library/src/lib.rs
@@ -8,14 +8,14 @@
 mod crypto_tools;
 mod identity_client;
 mod identity {
- tonic::include_proto!("identity.keyserver");
+ tonic::include_proto!("identity.client");
 }
 mod tunnelbroker {
 tonic::include_proto!("tunnelbroker");
 }
 use crypto_tools::generate_device_id;
-use identity::identity_keyserver_service_client::IdentityKeyserverServiceClient;
+use identity::identity_client_service_client::IdentityClientServiceClient;
 lazy_static! {
 pub static ref RUNTIME: Arc = Arc::new(
@@ -44,21 +44,6 @@
 #[cxx_name = "identityInitializeClient"]
 fn initialize_identity_client(addr: String) -> Box;
- #[cxx_name = "identityGetUserIdBlocking"]
- fn identity_get_user_id_blocking(
- client: Box,
- auth_type: i32,
- user_info: String,
- ) -> Result;
-
- #[cxx_name = "identityVerifyUserTokenBlocking"]
- fn identity_verify_user_token_blocking(
- client: Box,
- user_id: String,
- signing_public_key: String,
- access_token: String,
- ) -> Result;
-
 #[cxx_name = "identityRegisterUserBlocking"]
 fn identity_register_user_blocking(
 client: Box,
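Review bot: The three surviving functions now end in `unimplemented!();`, which panics, yet they are still exported to C++ through the `identityRegisterUserBlocking` family of cxx bridge functions kept in lib.rs, so a caller that reaches registration or login while these stubs are in place gets a panic at the FFI boundary instead of a recoverable error. Since each function already returns a `Result` with `Status` as its error type, return an error instead — `Err(Status::unimplemented("register_user not yet implemented"))` in `register_user`, and the equivalent in `login_user_pake` and `login_user_wallet` — so the C++ side receives something it can surface. `mut _client` on a deliberately unused binding will also earn an `unused_mut` warning; drop the `mut` until the parameter is used.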
@@ -98,41 +83,17 @@
 #[derive(Debug)]
 pub struct IdentityClient {
- identity_client: IdentityKeyserverServiceClient,
+ identity_client: IdentityClientServiceClient,
 }
 fn initialize_identity_client(addr: String) -> Box {
 Box::new(IdentityClient {
 identity_client: RUNTIME
- .block_on(IdentityKeyserverServiceClient::connect(addr))
+ .block_on(IdentityClientServiceClient::connect(addr))
 .unwrap(),
 })
 }
-#[instrument]
-fn identity_get_user_id_blocking(
- client: Box,
- auth_type: i32,
- user_info: String,
-) -> Result {
- RUNTIME.block_on(identity_client::get_user_id(client, auth_type, user_info))
-}
-
-#[instrument]
-fn identity_verify_user_token_blocking(
- client: Box,
- user_id: String,
- signing_public_key: String,
- access_token: String,
-) -> Result {
- RUNTIME.block_on(identity_client::verify_user_token(
- client,
- user_id,
- signing_public_key,
- access_token,
- ))
-}
-
 #[instrument]
 fn identity_register_user_blocking(
 client: Box,
diff --git a/services/identity/Cargo.lock b/services/identity/Cargo.lock
--- a/services/identity/Cargo.lock
+++ b/services/identity/Cargo.lock
@@ -591,7 +591,6 @@
 version = "0.2.0"
 dependencies = [
 "argon2",
- "getrandom 0.2.8",
 "log",
 "opaque-ke 2.0.0",
 "rand",
diff --git a/shared/comm-opaque2/Cargo.lock b/shared/comm-opaque2/Cargo.lock
--- a/shared/comm-opaque2/Cargo.lock
+++ b/shared/comm-opaque2/Cargo.lock
@@ -106,23 +106,11 @@
 version = "0.2.0"
 dependencies = [
 "argon2",
- "getrandom",
 "log",
 "opaque-ke",
 "rand",
 "tonic",
 "wasm-bindgen",
- "wasm-bindgen-test",
-]
-
-[[package]]
-name = "console_error_panic_hook"
-version = "0.1.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a06aeb73f470f66dcdbf7223caeebb85984942f22f1adb2a088cf9668146bbbc"
-dependencies = [
- "cfg-if",
- "wasm-bindgen",
 ]
 [[package]]
@@ -309,10 +297,8 @@
 checksum = "c05aeb6a22b8f62540c194aac980f2115af067bfe15a0734d7277a768d396b31"
 dependencies = [
 "cfg-if",
- "js-sys",
 "libc",
 "wasi",
- "wasm-bindgen",
 ]
 [[package]]
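Review bot: The rewritten `.block_on(IdentityClientServiceClient::connect(addr))` line still ends in `.unwrap()`, so an unreachable or misconfigured identity endpoint (bad `addr`, TLS or network failure) panics inside a function that C++ calls through the cxx bridge rather than returning an error the app can handle. This predates the commit, but since the line is being touched, consider declaring the bridge function as `fn initialize_identity_client(addr: String) -> Result<Box<IdentityClient>>;` and propagating the transport error with `?` instead of `.unwrap()`; cxx surfaces an `Err` to C++ as a `rust::Error` exception, which the caller can catch. Where `addr` originates is not visible here; if it comes from configuration rather than a compiled-in constant, the explicit failure mode matters more.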
@@ -372,15 +358,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6" -[[package]] -name = "js-sys" -version = "0.3.61" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730" -dependencies = [ - "wasm-bindgen", -] - [[package]] name = "libc" version = "0.2.140" @@ -527,12 +504,6 @@ "getrandom", ] -[[package]] -name = "scoped-tls" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1cf6437eb19a8f4a6cc0f7dca544973b0b78843adbfeb3683d1a94a0024a294" - [[package]] name = "sec1" version = "0.3.0" @@ -782,18 +753,6 @@ "wasm-bindgen-shared", ] -[[package]] -name = "wasm-bindgen-futures" -version = "0.4.34" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f219e0d211ba40266969f6dbdd90636da12f75bee4fc9d6c23d1260dadb51454" -dependencies = [ - "cfg-if", - "js-sys", - "wasm-bindgen", - "web-sys", -] - [[package]] name = "wasm-bindgen-macro" version = "0.2.84" 
@@ -823,40 +782,6 @@
 source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d" -[[package]] -name = "wasm-bindgen-test" -version = "0.3.34" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6db36fc0f9fb209e88fb3642590ae0205bb5a56216dabd963ba15879fe53a30b" -dependencies = [ - "console_error_panic_hook", - "js-sys", - "scoped-tls", - "wasm-bindgen", - "wasm-bindgen-futures", - "wasm-bindgen-test-macro", -] - -[[package]] -name = "wasm-bindgen-test-macro" -version = "0.3.34" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0734759ae6b3b1717d661fe4f016efcfb9828f5edb4520c18eaee05af3b43be9" -dependencies = [ - "proc-macro2", - "quote", -] - -[[package]] -name = "web-sys" -version = "0.3.61" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e33b99f4b23ba3eec1a53ac264e35a755f00e966e0065077d6027c0f575b0b97" -dependencies = [ - "js-sys", - "wasm-bindgen", -] - [[package]] name = "windows-sys" version = "0.45.0"
diff --git a/shared/comm-opaque2/Cargo.toml b/shared/comm-opaque2/Cargo.toml
--- a/shared/comm-opaque2/Cargo.toml
+++ b/shared/comm-opaque2/Cargo.toml
@@ -3,22 +3,10 @@
 version = "0.2.0"
 edition = "2021"
-[lib]
-crate-type = ["cdylib", "lib"]
-
 [dependencies]
 argon2 = "0.4"
-getrandom = { version = "0.2", features = [ "js", "wasm-bindgen" ] }
 log = "0.4"
 opaque-ke = { version = "2.0", features = [ "argon2" ] }
 rand = "0.8"
 tonic = { version = "0.8", default-features = false }
 wasm-bindgen = "0.2"
-
-[dev-dependencies]
-wasm-bindgen-test = "0.3"
-
-[profile.release]
-# Optimize for small code size
-opt-level = "s"
-strip = "debuginfo"
diff --git a/web/opaque-ke-wasm/.gitignore b/web/opaque-ke-wasm/.gitignore
new file mode 100644
--- /dev/null
+++ b/web/opaque-ke-wasm/.gitignore
@@ -0,0 +1 @@
+target/
diff --git a/shared/comm-opaque2/Cargo.lock b/web/opaque-ke-wasm/Cargo.lock copy from shared/comm-opaque2/Cargo.lock copy to web/opaque-ke-wasm/Cargo.lock --- a/shared/comm-opaque2/Cargo.lock +++ b/web/opaque-ke-wasm/Cargo.lock @@ -32,7 +32,7 @@ dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.109", ] [[package]] @@ -106,12 +106,20 @@ version = "0.2.0" dependencies = [ "argon2", - "getrandom", "log", "opaque-ke", "rand", "tonic", "wasm-bindgen", +] + +[[package]] +name = "comm-opaque2-wasm" +version = "0.2.0" +dependencies = [ + "comm-opaque2", + "getrandom", + "wasm-bindgen", "wasm-bindgen-test", ] @@ -133,9 +141,9 @@ [[package]] name = "cpufeatures" -version = "0.2.5" +version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28d997bd5e24a5928dd43e46dc529867e207907fe0b239c3477d924f7f2ca320" +checksum = "280a9f2d8b3a38871a3c8a46fb80db65e5e5ed97da80c4d08bf27fb63e35e181" dependencies = [ "libc", ] @@ -192,7 +200,7 @@ dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.109", ] [[package]] @@ -223,7 +231,7 @@ dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.109", ] [[package]] @@ -458,7 +466,7 @@ dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.109", ] [[package]] @@ -481,9 +489,9 @@ [[package]] name = "proc-macro2" -version = "1.0.52" +version = "1.0.54" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d0e1ae9e836cc3beddd63db0df682593d7e2d3d891ae8c9083d2113e1744224" +checksum = "e472a104799c74b514a57226160104aa483546de37e839ec50e3c2e41dd87534" dependencies = [ "unicode-ident", ] 
@@ -548,22 +556,22 @@ [[package]] name = "serde" -version = "1.0.156" +version = "1.0.158" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "314b5b092c0ade17c00142951e50ced110ec27cea304b1037c6969246c2469a4" +checksum = "771d4d9c4163ee138805e12c710dd365e4f44be8be0503cb1bb9eb989425d9c9" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.156" +version = "1.0.158" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7e29c4601e36bcec74a223228dce795f4cd3616341a4af93520ca1a837c087d" +checksum = "e801c1712f48475582b7696ac71e0ca34ebb30e09338425384269d9717c62cad" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.10", ] [[package]] @@ -595,15 +603,14 @@ ] [[package]] -name = "synstructure" -version = "0.12.6" +name = "syn" +version = "2.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" +checksum = "5aad1363ed6d37b84299588d62d3a7d95b5a5c2d9aad5c85609fda12afaa1f40" dependencies = [ "proc-macro2", "quote", - "syn", - "unicode-xid", + "unicode-ident", ] [[package]] @@ -696,7 +703,7 @@ dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.109", ] [[package]] @@ -720,12 +727,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e5464a87b239f13a63a501f2701565754bae92d243d4bb7eb12f6d57d2269bf4" -[[package]] -name = "unicode-xid" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" - [[package]] name = "version_check" version = "0.9.4" @@ -778,7 +779,7 @@ "once_cell", "proc-macro2", "quote", - "syn", + "syn 1.0.109", "wasm-bindgen-shared", ] @@ -812,7 +813,7 @@ dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.109", "wasm-bindgen-backend", "wasm-bindgen-shared", ] 
@@ -925,21 +926,20 @@
 [[package]] name = "zeroize" -version = "1.5.7" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f" +checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" dependencies = [ "zeroize_derive", ] [[package]] name = "zeroize_derive" -version = "1.3.3" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44bf07cb3e50ea2003396695d58bf46bc9887a1f362260446fad6bc4e79bd36c" +checksum = "57090580b8b26d9fd2288c4ac982b3b3c6446cd8e91112bcf672d5ddb2f17441" dependencies = [ "proc-macro2", "quote", - "syn", - "synstructure", + "syn 2.0.10", ]
diff --git a/shared/comm-opaque2/Cargo.toml b/web/opaque-ke-wasm/Cargo.toml
copy from shared/comm-opaque2/Cargo.toml
copy to web/opaque-ke-wasm/Cargo.toml
--- a/shared/comm-opaque2/Cargo.toml
+++ b/web/opaque-ke-wasm/Cargo.toml
@@ -1,5 +1,5 @@
 [package]
-name = "comm-opaque2"
+name = "comm-opaque2-wasm"
 version = "0.2.0"
 edition = "2021"
@@ -7,12 +7,8 @@
 crate-type = ["cdylib", "lib"]
 [dependencies]
-argon2 = "0.4"
+comm-opaque2 = { path = "../../shared/comm-opaque2" }
 getrandom = { version = "0.2", features = [ "js", "wasm-bindgen" ] }
-log = "0.4"
-opaque-ke = { version = "2.0", features = [ "argon2" ] }
-rand = "0.8"
-tonic = { version = "0.8", default-features = false }
 wasm-bindgen = "0.2"
 [dev-dependencies]
diff --git a/web/opaque-ke-wasm/src/lib.rs b/web/opaque-ke-wasm/src/lib.rs
new file mode 100644
--- /dev/null
+++ b/web/opaque-ke-wasm/src/lib.rs
@@ -0,0 +1 @@
+pub use comm_opaque2::client::{Login, Registration};
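Review bot: `getrandom` stays a direct dependency of the new wasm crate even though its only source file never names it; it is kept solely to switch on the `js` backend so that the RNG used by `rand`/`opaque-ke` inside comm-opaque2 draws entropy from the browser's `crypto.getRandomValues` on wasm32-unknown-unknown, and that intent should be written down, e.g. `# Not used directly: enables getrandom's "js" backend so comm-opaque2's RNG has an entropy source in the browser.` As far as I recall, the `wasm-bindgen` feature of getrandom 0.2 is only a deprecated alias of `js`, so `features = [ "js" ]` should be sufficient; worth confirming against the getrandom version resolved in the new lock file. The `[dev-dependencies]` section continues outside the hunk.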
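Review bot: The new crate root `web/opaque-ke-wasm/src/lib.rs` has no crate-level documentation, so a reader cannot tell why this crate exists apart from comm-opaque2 or why a single re-export is its whole content. A comment such as `//! wasm-bindgen wrapper around comm-opaque2: re-exports the OPAQUE client flows so wasm-pack builds them into a cdylib without pulling the browser-only getrandom backend into the shared crate.` would record the split this commit makes between the two Cargo.toml files. Whether the re-export alone is enough for wasm-bindgen to emit JavaScript bindings depends on `Login` and `Registration` carrying the `#[wasm_bindgen]` attribute inside comm-opaque2, which is not visible in this diff.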