diff --git a/keyserver/Dockerfile b/keyserver/Dockerfile --- a/keyserver/Dockerfile +++ b/keyserver/Dockerfile @@ -134,6 +134,7 @@ # Copy in local dependencies of rust-node-addon COPY --chown=comm shared/comm-opaque shared/comm-opaque/ +COPY --chown=comm shared/comm-opaque2 shared/comm-opaque2/ COPY --chown=comm shared/tunnelbroker-client shared/tunnelbroker-client/ # Copy protobuf files as a dependency for the shared client libraries diff --git a/keyserver/addons/rust-node-addon/Cargo.lock b/keyserver/addons/rust-node-addon/Cargo.lock --- a/keyserver/addons/rust-node-addon/Cargo.lock +++ b/keyserver/addons/rust-node-addon/Cargo.lock @@ -104,6 +104,12 @@ "tower-service", ] +[[package]] +name = "base16ct" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce" + [[package]] name = "base64" version = "0.13.1" @@ -149,6 +155,12 @@ "generic-array", ] +[[package]] +name = "bumpalo" +version = "3.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535" + [[package]] name = "byteorder" version = "1.4.3" @@ -172,12 +184,30 @@ version = "0.1.0" dependencies = [ "argon2", - "curve25519-dalek", + "curve25519-dalek 3.2.0", "digest 0.9.0", - "opaque-ke", - "sha2", + "opaque-ke 1.2.0", + "sha2 0.9.9", ] +[[package]] +name = "comm-opaque2" +version = "0.2.0" +dependencies = [ + "argon2", + "log", + "opaque-ke 2.0.0", + "rand", + "tonic", + "wasm-bindgen", +] + +[[package]] +name = "const-oid" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "520fbf3c07483f94e3e3ca9d0cfd913d7718ef2483d2cfd91c0d9e91474ab913" + [[package]] name = "constant_time_eq" version = "0.1.5" 
@@ -202,6 +232,18 @@ "libc", ] +[[package]] +name = "crypto-bigint" +version = "0.4.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef" +dependencies = [ + "generic-array", + "rand_core 0.6.4", + "subtle", + "zeroize", +] + [[package]] name = "crypto-common" version = "0.1.6" @@ -234,9 +276,9 @@ [[package]] name = "curve25519-dalek" -version = "3.2.1" +version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90f9d052967f590a76e62eb387bd0bbb1b000182c3cefe5364db6b7211651bc0" +checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61" dependencies = [ "byteorder", "digest 0.9.0", @@ -245,6 +287,39 @@ "zeroize", ] +[[package]] +name = "curve25519-dalek" +version = "4.0.0-pre.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4033478fbf70d6acf2655ac70da91ee65852d69daf7a67bf7a2f518fb47aafcf" +dependencies = [ + "byteorder", + "digest 0.9.0", + "rand_core 0.6.4", + "subtle", + "zeroize", +] + +[[package]] +name = "der" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de" +dependencies = [ + "const-oid", +] + +[[package]] +name = "derive-where" +version = "1.0.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d322f2907b2abad3117790c1a54d8f2d64574ba0fbea54cb6c6e66a0e50d99a4" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "digest" version = "0.9.0" 
@@ -282,6 +357,25 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7fcaabb2fef8c910e7f4c7ce9f67a1283a1715879a7c230ca9d6d1ae31f16d91" +[[package]] +name = "elliptic-curve" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3" +dependencies = [ + "base16ct", + "crypto-bigint", + "der", + "digest 0.10.6", + "ff", + "generic-array", + "group", + "rand_core 0.6.4", + "sec1", + "subtle", + "zeroize", +] + [[package]] name = "fastrand" version = "1.9.0" @@ -291,6 +385,16 @@ "instant", ] +[[package]] +name = "ff" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160" +dependencies = [ + "rand_core 0.6.4", + "subtle", +] + [[package]] name = "fixedbitset" version = "0.4.2" @@ -398,6 +502,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9" dependencies = [ + "serde", "typenum", "version_check", ] @@ -424,6 +529,17 @@ "wasi 0.11.0+wasi-snapshot-preview1", ] +[[package]] +name = "group" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" +dependencies = [ + "ff", + "rand_core 0.6.4", + "subtle", +] + [[package]] name = "h2" version = "0.3.15" @@ -471,7 +587,16 @@ checksum = "01706d578d5c281058480e673ae4086a9f4710d8df1ad80a5b03e39ece5f886b" dependencies = [ "digest 0.9.0", - "hmac", + "hmac 0.11.0", +] + +[[package]] +name = "hkdf" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "791a029f6b9fc27657f6f188ec6e5e43f6911f6f878e0dc5501396e09809d437" +dependencies = [ + "hmac 0.12.1", ] [[package]] 
@@ -484,6 +609,15 @@ "digest 0.9.0", ] +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest 0.10.6", +] + [[package]] name = "http" version = "0.2.9" @@ -744,17 +878,39 @@ checksum = "f25e5f1be61b7a94f388368a24739318fe4edd2b841d20d7077a422a5391e22f" dependencies = [ "constant_time_eq", - "curve25519-dalek", + "curve25519-dalek 3.2.0", "digest 0.9.0", "displaydoc", "generic-array", - "hkdf", - "hmac", + "hkdf 0.11.0", + "hmac 0.11.0", "rand", "subtle", "zeroize", ] +[[package]] +name = "opaque-ke" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76d410412d23781909d90c3900c5783e830586765f2277bccc78167da8af81a5" +dependencies = [ + "argon2", + "curve25519-dalek 4.0.0-pre.1", + "derive-where", + "digest 0.10.6", + "displaydoc", + "elliptic-curve", + "generic-array", + "hkdf 0.12.3", + "hmac 0.12.1", + "rand", + "serde", + "subtle", + "voprf", + "zeroize", +] + [[package]] name = "password-hash" version = "0.4.2" @@ -980,11 +1136,12 @@ version = "0.1.0" dependencies = [ "comm-opaque", + "comm-opaque2", "lazy_static", "napi", "napi-build", "napi-derive", - "opaque-ke", + "opaque-ke 1.2.0", "prost", "rand", "serde", @@ -1009,6 +1166,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f91339c0467de62360649f8d3e185ca8de4224ff281f66000de5eb2a77a79041" +[[package]] +name = "sec1" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928" +dependencies = [ + "base16ct", + "der", + "generic-array", + "subtle", + "zeroize", +] + [[package]] name = "serde" version = "1.0.152" 
@@ -1053,6 +1223,17 @@ "opaque-debug", ] +[[package]] +name = "sha2" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest 0.10.6", +] + [[package]] name = "slab" version = "0.4.8" @@ -1385,6 +1566,25 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" +[[package]] +name = "voprf" +version = "0.4.0-pre.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "081acbe8fcf05d5e8e2aad8ef3d40e02eddeaec07c75a9770d862a0fc0874322" +dependencies = [ + "curve25519-dalek 4.0.0-pre.1", + "derive-where", + "digest 0.10.6", + "displaydoc", + "elliptic-curve", + "generic-array", + "rand_core 0.6.4", + "serde", + "sha2 0.10.6", + "subtle", + "zeroize", +] + [[package]] name = "want" version = "0.3.0" 
@@ -1407,6 +1607,60 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +[[package]] +name = "wasm-bindgen" +version = "0.2.84" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b" +dependencies = [ + "cfg-if", + "wasm-bindgen-macro", +] + +[[package]] +name = "wasm-bindgen-backend" +version = "0.2.84" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9" +dependencies = [ + "bumpalo", + "log", + "once_cell", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.84" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.84" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.84" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d" + [[package]] name = "which" version = "4.4.0" @@ -1523,9 +1777,9 @@ [[package]] name = "zeroize" -version = "1.3.0" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4756f7db3f7b5574938c3eb1c117038b8e07f95ee6718c0efad4ac21508f1efd" +checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" dependencies = [ "zeroize_derive", ] 
diff --git a/keyserver/addons/rust-node-addon/Cargo.toml b/keyserver/addons/rust-node-addon/Cargo.toml --- a/keyserver/addons/rust-node-addon/Cargo.toml +++ b/keyserver/addons/rust-node-addon/Cargo.toml @@ -22,6 +22,7 @@ tracing = "0.1" prost = "0.11" comm-opaque = {path = "../../../shared/comm-opaque"} +comm-opaque2 = {path = "../../../shared/comm-opaque2"} lazy_static = "1.4" tunnelbroker-client = {path = "../../../shared/tunnelbroker-client"} serde_json = "1.0" diff --git a/keyserver/addons/rust-node-addon/build.rs b/keyserver/addons/rust-node-addon/build.rs --- a/keyserver/addons/rust-node-addon/build.rs +++ b/keyserver/addons/rust-node-addon/build.rs @@ -2,6 +2,14 @@ fn main() { napi_build::setup(); - tonic_build::compile_protos("../../../shared/protos/identity.proto") + tonic_build::configure() + .build_server(false) + .compile( + &[ + "../../../shared/protos/identity_client.proto", + "../../../shared/protos/identity.proto", + ], + &["../../../shared/protos"], + ) .unwrap_or_else(|e| panic!("Failed to compile protos {:?}", e)); } diff --git a/keyserver/addons/rust-node-addon/rust-binding-types.js b/keyserver/addons/rust-node-addon/rust-binding-types.js --- a/keyserver/addons/rust-node-addon/rust-binding-types.js +++ b/keyserver/addons/rust-node-addon/rust-binding-types.js @@ -22,12 +22,10 @@ type RustNativeBindingAPI = { +registerUser: ( - userId: string, - signingPublicKey: string, username: string, password: string, - sessionInitializationInfo: SignedIdentityKeysBlob, - ) => Promise, + signedIdentityKeysBlob: SignedIdentityKeysBlob, + ) => Promise, +loginUserPake: ( userId: string, signingPublicKey: string, diff --git a/keyserver/addons/rust-node-addon/src/identity_client/mod.rs b/keyserver/addons/rust-node-addon/src/identity_client/mod.rs --- a/keyserver/addons/rust-node-addon/src/identity_client/mod.rs +++ b/keyserver/addons/rust-node-addon/src/identity_client/mod.rs 
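Review bot: Adding `comm-opaque2` beside `comm-opaque` links two OPAQUE stacks into the addon, and the new dependency line does not say why both are needed. The Cargo.lock hunks show the cost: `opaque-ke` 1.2.0 and 2.0.0 side by side, pre-release crypto crates (`curve25519-dalek 4.0.0-pre.1`, `voprf 0.4.0-pre.3`, `derive-where 1.0.0-rc.3`), and the existing `curve25519-dalek` entry moving backwards from 3.2.1 to 3.2.0. The downgrade looks like a side effect of re-resolving rather than a deliberate pin, so confirm it and restore 3.2.1 if nothing requires the older release. `comm-opaque2` also pulls `wasm-bindgen` into a native Node addon; if the crate gates that behind a feature, this line could disable it. If login is meant to stay on the old crate for now, a comment such as `# OPAQUE v2 (opaque-ke 2.x) for registration; comm-opaque stays until login is migrated` would record that.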
@@ -5,6 +5,9 @@ pub mod identity { tonic::include_proto!("identity.keyserver"); } +pub mod identity_client { + tonic::include_proto!("identity.client"); +} pub mod update_user; use comm_opaque::Cipher; 
@@ -17,29 +20,24 @@ pake_login_request::Data::PakeCredentialFinalization as LoginPakeCredentialFinalization, pake_login_request::Data::PakeCredentialRequestAndUserId, pake_login_response::Data::AccessToken, - pake_login_response::Data::PakeCredentialResponse, - registration_request::Data::PakeCredentialFinalization as RegistrationPakeCredentialFinalization, - registration_request::Data::PakeRegistrationRequestAndUserId, - registration_request::Data::PakeRegistrationUploadAndCredentialRequest, - registration_response::Data::PakeLoginResponse as RegistrationPakeLoginResponse, - registration_response::Data::PakeRegistrationResponse, CompareUsersRequest, + pake_login_response::Data::PakeCredentialResponse, CompareUsersRequest, DeleteUserRequest, LoginRequest, LoginResponse, PakeCredentialRequestAndUserId as PakeCredentialRequestAndUserIdStruct, PakeLoginRequest as PakeLoginRequestStruct, - PakeLoginResponse as PakeLoginResponseStruct, - PakeRegistrationRequestAndUserId as PakeRegistrationRequestAndUserIdStruct, - PakeRegistrationUploadAndCredentialRequest as PakeRegistrationUploadAndCredentialRequestStruct, - RegistrationRequest, RegistrationResponse as RegistrationResponseMessage, - SessionInitializationInfo, WalletLoginRequest as WalletLoginRequestStruct, + PakeLoginResponse as PakeLoginResponseStruct, SessionInitializationInfo, + WalletLoginRequest as WalletLoginRequestStruct, WalletLoginResponse as WalletLoginResponseStruct, }; +use identity_client::identity_client_service_client::IdentityClientServiceClient; +use identity_client::{ + DeviceKeyUpload, IdentityKeyInfo, RegistrationFinishRequest, + RegistrationStartRequest, +}; use lazy_static::lazy_static; use napi::bindgen_prelude::*; use opaque_ke::{ ClientLogin, ClientLoginFinishParameters, ClientLoginStartParameters, - ClientLoginStartResult, ClientRegistration, - ClientRegistrationFinishParameters, CredentialFinalization, - CredentialResponse, RegistrationResponse, RegistrationUpload, + ClientLoginStartResult, 
CredentialFinalization, CredentialResponse, }; use rand::{rngs::OsRng, CryptoRng, Rng}; use serde::{Deserialize, Serialize}; @@ -137,3 +135,9 @@ ) }) } + +#[napi(object)] +pub struct SignedIdentityKeysBlob { + pub payload: String, + pub signature: String, +} diff --git a/keyserver/addons/rust-node-addon/src/identity_client/register_user.rs b/keyserver/addons/rust-node-addon/src/identity_client/register_user.rs --- a/keyserver/addons/rust-node-addon/src/identity_client/register_user.rs +++ b/keyserver/addons/rust-node-addon/src/identity_client/register_user.rs @@ -3,18 +3,17 @@ #[napi] #[instrument(skip_all)] pub async fn register_user( - user_id: String, - signing_public_key: String, username: String, password: String, - session_initialization_info: HashMap, -) -> Result { + signed_identity_keys_blob: SignedIdentityKeysBlob, +) -> Result { + // Set up the gRPC client that will be used to talk to the Identity service let channel = get_identity_service_channel().await?; let token: MetadataValue<_> = IDENTITY_SERVICE_CONFIG .identity_auth_token .parse() .map_err(|_| Error::from_status(Status::GenericFailure))?; - let mut identity_client = IdentityKeyserverServiceClient::with_interceptor( + let mut identity_client = IdentityClientServiceClient::with_interceptor( channel, |mut req: Request<()>| { req.metadata_mut().insert("authorization", token.clone()); 
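Review bot: `SignedIdentityKeysBlob` crosses the N-API boundary with two undocumented `String` fields, and nothing states that `payload` has to reach the Identity service exactly as the device signed it. The JS caller in account-creator.js used to `JSON.parse` the payload, so it is presumably a JSON string, and any re-serialization along the way would invalidate the signature. I would add doc comments: on `payload`, `/// JSON-serialized identity keys, forwarded unmodified; the signature covers these exact bytes.`, and on `signature`, `/// Signature over payload made with the device's signing key; not verified in this addon.` The second comment assumes verification happens in the Identity service, which this page does not show, so adjust the wording if it is done elsewhere.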
@@ -22,209 +21,59 @@ }, ); - // Create a RegistrationRequest channel and use ReceiverStream to turn the - // MPSC receiver into a Stream for outbound messages - let (tx, rx) = mpsc::channel(1); - let stream = ReceiverStream::new(rx); - let request = Request::new(stream); + // Start OPAQUE registration and send initial registration request + let mut opaque_registration = comm_opaque2::client::Registration::new(); + let opaque_registration_request = opaque_registration + .start(&password) + .map_err(|_| Error::from_status(Status::GenericFailure))?; + let device_key_upload = DeviceKeyUpload { + device_key_info: Some(IdentityKeyInfo { + payload: signed_identity_keys_blob.payload, + payload_signature: signed_identity_keys_blob.signature, + social_proof: None, + }), + identity_upload: Some(identity_client::PreKey { + pre_key: String::new(), + pre_key_signature: String::new(), + }), + notif_upload: Some(identity_client::PreKey { + pre_key: String::new(), + pre_key_signature: String::new(), + }), + onetime_identity_prekeys: Vec::new(), + onetime_notif_prekeys: Vec::new(), + }; + let registration_start_request = Request::new(RegistrationStartRequest { + opaque_registration_request, + username, + device_key_upload: Some(device_key_upload), + }); - // `response` is the Stream for inbound messages - let mut response = identity_client - .register_user(request) + // Finish OPAQUE registration and send final registration request + let registration_start_response = identity_client + .register_password_user_start(registration_start_request) .await .map_err(|_| Error::from_status(Status::GenericFailure))? 
.into_inner(); - // Start PAKE registration on client and send initial registration request - // to Identity service - let mut client_rng = OsRng; - let (registration_request, client_registration) = pake_registration_start( - &mut client_rng, - user_id, - signing_public_key, - &password, - username, - SessionInitializationInfo { - info: session_initialization_info, - }, - )?; - send_to_mpsc(tx.clone(), registration_request).await?; - - // Handle responses from Identity service sequentially, making sure we get - // messages in the correct order - - // Finish PAKE registration and begin PAKE login; send the final - // registration request and initial login request together to reduce the - // number of trips - let message = response - .message() - .await + let opaque_registration_upload = opaque_registration + .finish( + &password, + ®istration_start_response.opaque_registration_response, + ) .map_err(|_| Error::from_status(Status::GenericFailure))?; - let client_login = handle_registration_response( - message, - &mut client_rng, - client_registration, - &password, - tx.clone(), - ) - .await?; - // Finish PAKE login; send final login request to Identity service - let message = response - .message() - .await - .map_err(|_| Error::from_status(Status::GenericFailure))?; - handle_registration_credential_response(message, client_login, tx) - .await - .map_err(|_| Error::from_status(Status::GenericFailure))?; + let registration_finish_request = Request::new(RegistrationFinishRequest { + session_id: registration_start_response.session_id, + opaque_registration_upload, + }); - // Return access token - let message = response - .message() + identity_client + .register_password_user_finish(registration_finish_request) .await - .map_err(|_| Error::from_status(Status::GenericFailure))?; - handle_registration_token_response(message) -} - -async fn handle_registration_response( - message: Option, - client_rng: &mut (impl Rng + CryptoRng), - client_registration: ClientRegistration, - 
password: &str, - tx: mpsc::Sender, -) -> Result> { - if let Some(RegistrationResponseMessage { - data: Some(PakeRegistrationResponse(registration_response_bytes)), - .. - }) = message - { - let pake_registration_upload = pake_registration_finish( - client_rng, - ®istration_response_bytes, - client_registration, - )? - .serialize(); - let client_login_start_result = pake_login_start(client_rng, password)?; - - // `registration_request` is a gRPC message containing serialized bytes to - // complete PAKE registration and begin PAKE login - let registration_request = RegistrationRequest { - data: Some(PakeRegistrationUploadAndCredentialRequest( - PakeRegistrationUploadAndCredentialRequestStruct { - pake_registration_upload, - pake_credential_request: client_login_start_result - .message - .serialize() - .map_err(|e| { - error!("Could not serialize credential request: {}", e); - Error::from_status(Status::GenericFailure) - })?, - }, - )), - }; - send_to_mpsc(tx, registration_request).await?; - Ok(client_login_start_result.state) - } else { - Err(handle_unexpected_response(message)) - } -} - -async fn handle_registration_credential_response( - message: Option, - client_login: ClientLogin, - tx: mpsc::Sender, -) -> Result<()> { - if let Some(RegistrationResponseMessage { - data: - Some(RegistrationPakeLoginResponse(PakeLoginResponseStruct { - data: Some(PakeCredentialResponse(credential_response_bytes)), - })), - }) = message - { - let registration_request = RegistrationRequest { - data: Some(RegistrationPakeCredentialFinalization( - pake_login_finish(&credential_response_bytes, client_login)? 
- .serialize() - .map_err(|e| { - error!("Could not serialize credential request: {}", e); - Error::from_status(Status::GenericFailure) - })?, - )), - }; - send_to_mpsc(tx, registration_request).await - } else { - Err(handle_unexpected_response(message)) - } -} - -fn handle_registration_token_response( - message: Option, -) -> Result { - if let Some(RegistrationResponseMessage { - data: - Some(RegistrationPakeLoginResponse(PakeLoginResponseStruct { - data: Some(AccessToken(access_token)), - })), - }) = message - { - Ok(access_token) - } else { - Err(handle_unexpected_response(message)) - } -} - -fn pake_registration_start( - rng: &mut (impl Rng + CryptoRng), - user_id: String, - signing_public_key: String, - password: &str, - username: String, - session_initialization_info: SessionInitializationInfo, -) -> Result<(RegistrationRequest, ClientRegistration)> { - let client_registration_start_result = - ClientRegistration::::start(rng, password.as_bytes()).map_err( - |e| { - error!("Failed to start PAKE registration: {}", e); - Error::from_status(Status::GenericFailure) - }, - )?; - let pake_registration_request = - client_registration_start_result.message.serialize(); - Ok(( - RegistrationRequest { - data: Some(PakeRegistrationRequestAndUserId( - PakeRegistrationRequestAndUserIdStruct { - user_id, - pake_registration_request, - username, - signing_public_key, - session_initialization_info: Some(session_initialization_info), - }, - )), - }, - client_registration_start_result.state, - )) -} + .map_err(|_| Error::from_status(Status::GenericFailure))? 
+ .into_inner(); -fn pake_registration_finish( - rng: &mut (impl Rng + CryptoRng), - registration_response_bytes: &[u8], - client_registration: ClientRegistration, -) -> Result> { - client_registration - .finish( - rng, - RegistrationResponse::deserialize(registration_response_bytes).map_err( - |e| { - error!("Could not deserialize registration response bytes: {}", e); - Error::from_status(Status::GenericFailure) - }, - )?, - ClientRegistrationFinishParameters::default(), - ) - .map_err(|e| { - error!("Failed to finish PAKE registration: {}", e); - Error::from_status(Status::GenericFailure) - }) - .map(|res| res.message) + // Keyserver doesn't need the access token, so we just return a bool + Ok(true) } diff --git a/keyserver/src/creators/account-creator.js b/keyserver/src/creators/account-creator.js --- a/keyserver/src/creators/account-creator.js +++ b/keyserver/src/creators/account-creator.js @@ -17,10 +17,7 @@ RegisterResponse, RegisterRequest, } from 'lib/types/account-types.js'; -import type { - SignedIdentityKeysBlob, - IdentityKeysBlob, -} from 'lib/types/crypto-types.js'; +import type { SignedIdentityKeysBlob } from 'lib/types/crypto-types.js'; import type { PlatformDetails, DeviceTokenUpdateRequest, @@ -197,16 +194,10 @@ ]; if (signedIdentityKeysBlob) { - const identityKeys: IdentityKeysBlob = JSON.parse( - signedIdentityKeysBlob.payload, - ); - handleAsyncPromise( (async () => { const rustAPI = await getRustAPI(); await rustAPI.registerUser( - id, - identityKeys.primaryIdentityPublicKeys.ed25519, request.username, request.password, signedIdentityKeysBlob, diff --git a/keyserver/src/responders/user-responders.js b/keyserver/src/responders/user-responders.js --- a/keyserver/src/responders/user-responders.js +++ b/keyserver/src/responders/user-responders.js 
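Review bot: Every failure in the new body goes through `map_err(|_| Error::from_status(Status::GenericFailure))`, so the OPAQUE `start`/`finish` errors and both gRPC statuses are discarded without a log line, whereas the removed helpers called `error!` before returning. A rejected request, an unreachable Identity service and a malformed server response become indistinguishable in the keyserver logs. Keep the generic status for the caller but record the cause, e.g. `.map_err(|e| { error!("register_password_user_start failed: {}", e); Error::from_status(Status::GenericFailure) })`, logging only the error value and never `password`. Separately, `identity_upload` and `notif_upload` are sent as `Some(PreKey { .. })` with empty strings; if these are placeholders, a `// TODO: upload real prekeys; empty values are placeholders` comment (or `None`, if the service accepts it) would keep them from being mistaken for valid key material. The function starts in the previous hunk.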
@@ -446,8 +446,6 @@
 } catch (e) {
 if (e.code === 'InvalidArg' && e.message === 'user not found') {
 await rustAPI.registerUser(
- id,
- constIdentityKeys.primaryIdentityPublicKeys.ed25519,
 username,
 request.password,
 signedIdentityKeysBlob,