Page MenuHomePhabricator
Differential D7299

[Identity] Support keygen and server setup for opaque 2.0
ClosedPublic
Actions

Authored by jon on Apr 4 2023, 10:17 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 6, 3:28 AM
Unknown Object (File)
Wed, Nov 6, 3:28 AM
Unknown Object (File)
Tue, Nov 5, 10:24 PM
Unknown Object (File)
Tue, Nov 5, 10:24 PM
Unknown Object (File)
Tue, Nov 5, 10:24 PM
Unknown Object (File)
Tue, Nov 5, 10:23 PM
Unknown Object (File)
Sun, Oct 27, 12:56 AM
Unknown Object (File)
Sun, Oct 27, 12:56 AM
View All Files
Subscribers
ashoat
atul
tomek

Details

Reviewers
varun
bartek
Commits
rCOMMd4e0a8b899ae: [Identity] Support keygen and server setup for opaque 2.0
Summary

Opaque 2.0 requires different setup for it to run.
This adds support generating the secrets and adding the
ServerSetup object to the configuration.

Test Plan
cd services/identity
cargo run -- keygen
cargo run -- keygen # should skip writting files
cargo run -- server

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

jon created this revision.Apr 4 2023, 10:17 AM
Herald added subscribers: atul, tomek, ashoat. · View Herald TranscriptApr 4 2023, 10:17 AM
Harbormaster completed remote builds in B17963: Diff 24600.Apr 4 2023, 10:34 AM
jon requested review of this revision.Apr 4 2023, 10:34 AM
varun requested changes to this revision.Apr 5 2023, 11:48 AM
varun added inline comments.
services/identity/src/config.rs
4 ↗(On Diff #24600)

should we just remove path::Path here and inline path::Path where we currently write Path?

40 ↗(On Diff #24600)

should we do this above on line 31 as well instead of calling env::current_dir? figure we should be consistent

64 ↗(On Diff #24600)

why are we removing derive_more::Error?

88 ↗(On Diff #24600)
services/identity/src/constants.rs
6 ↗(On Diff #24600)

i know that PathBuf will infer that txt is the extension but i think it's better to be explicit like we are above. what do you think?

services/identity/src/keygen.rs
13 ↗(On Diff #24600)

same q as above, can we use PathBuf::new here?

30 ↗(On Diff #24600)

i think we can call path.pop() instead of shadowing path with a new value here

32–35 ↗(On Diff #24600)

haven't we already checked this above on line 15?

37–42 ↗(On Diff #24600)

we should invert the if condition so we can return early if the path already exists

This revision now requires changes to proceed.Apr 5 2023, 11:48 AM
jon updated this revision to Diff 24739.Apr 6 2023, 8:27 AM
jon marked 9 inline comments as done.

Address feedback

Harbormaster completed remote builds in B18053: Diff 24739.Apr 6 2023, 8:43 AM
jon added inline comments.Apr 6 2023, 7:37 PM
services/identity/src/config.rs
4 ↗(On Diff #24600)

sure

40 ↗(On Diff #24600)

we shouldn't call current_dir, as the directory could be an absolute path.

64 ↗(On Diff #24600)

ProtocolError doesn't implement it

https://docs.rs/opaque-ke/latest/src/opaque_ke/errors.rs.html#167

services/identity/src/constants.rs
6 ↗(On Diff #24600)

I've never seen a service configure an extension, they aren't required in unix.

services/identity/src/keygen.rs
13 ↗(On Diff #24600)

yea

30 ↗(On Diff #24600)

If the secrets directory is something like foo/bar, then pop() will just go to the parent.

32–35 ↗(On Diff #24600)

Since the original code assumes a relative path, these could be different if the path were changed to an absolute value.

We should probably just remove the env_dir logic from the existing code.

varun requested changes to this revision.Apr 7 2023, 10:52 AM
varun added inline comments.
services/identity/src/keygen.rs
13 ↗(On Diff #24600)

cool, can you make that change?

30 ↗(On Diff #24600)

makes sense

32–35 ↗(On Diff #24600)

cool, can we just switch to PathBuf::new above and then avoid checking this twice?

This revision now requires changes to proceed.Apr 7 2023, 10:52 AM
jon added a child revision: D7362: [Comm-opaque2] Don't require mut self on register finish.Apr 7 2023, 1:05 PM
jon added a child revision: D7365: [Identity] Register user on native client.Apr 7 2023, 1:16 PM
jon added a parent revision: D7298: [Identity] Handle key payload.Apr 7 2023, 1:33 PM
jon removed a child revision: D7365: [Identity] Register user on native client.
jon updated this revision to Diff 24860.Apr 7 2023, 2:34 PM
jon marked 3 inline comments as done.

Address feedback: move secrets dir creation to it's own block

Harbormaster completed remote builds in B18158: Diff 24860.Apr 7 2023, 3:06 PM
jon added inline comments.Apr 7 2023, 5:10 PM
services/identity/src/keygen.rs
13 ↗(On Diff #24600)

weird, thought I pushed the change.

32–35 ↗(On Diff #24600)

sure

varun accepted this revision.Apr 11 2023, 7:24 AM
This revision is now accepted and ready to land.Apr 11 2023, 7:24 AM
Closed by commit rCOMMd4e0a8b899ae: [Identity] Support keygen and server setup for opaque 2.0 (authored by jon). · Explain WhyApr 11 2023, 8:17 AM
This revision was automatically updated to reflect the committed changes.
jon added a commit: rCOMMd4e0a8b899ae: [Identity] Support keygen and server setup for opaque 2.0.

Revision Contents
Changeset List

PathSize
services/
identity/
src/
30 lines
1 line
41 lines
shared/
comm-opaque2/
src/
3 lines
server/
9 lines

Diff 24860

View Options

services/identity/src/config.rs

Loading...
View Options

services/identity/src/constants.rs

Loading...
View Options

services/identity/src/keygen.rs

Loading...
View Options

shared/comm-opaque2/src/lib.rs

Loading...
View Options

shared/comm-opaque2/src/server/mod.rs

Loading...