[Keyserver] Use olm identity key for tunnelbroker connection
AbandonedPublic
Actions

Authored by • jon on Jun 1 2023, 7:09 AM.

Details

Reviewers

ashoat

Summary

Instead of using fake values, recall the real
identity key.

Depends on D7702

Test Plan

# Run tunnelbroker with RUST_LOG=debug

(cd keyserver && yarn dev)
# There should be a console log from keyserver showing the
# real identity key, and tunnelbroker should log it received
# a connection request with the same ID

Diff Detail

Repository

rCOMM Comm

Branch

jonringer/keyserver-tunnelbroker (branched from master)

Lint

No Lint Coverage

Unit

No Test Coverage

Event Timeline

• jon created this revision.Jun 1 2023, 7:09 AM

Herald added a subscriber: tomek. · View Herald TranscriptJun 1 2023, 7:09 AM

Harbormaster completed remote builds in B19957: Diff 27353.Jun 1 2023, 7:28 AM

• jon requested review of this revision.Jun 1 2023, 7:28 AM

Curious for your thoughts on the inline comments. I think it might be good to move await getDeviceID out so it's not called on every Websocket initialization

keyserver/src/socket/tunnelbroker.js
14	I was wondering whether we really need to fetch the `deviceID` on every Tunnelbroker connection, so I spent some time thinking about what scenarios might lead to a reconnect I came up with two scenarios: If the `deviceID` changes for some reason If a connection error forces a reconnection Since we'll need some code to handle the first case anyways (forcing a disconnect and reconnecting to Tunnelbroker with the new device ID), I wonder if we can avoid having to `fetchOlmAccount` on every connection. Here's what I'm thinking: We have some function like `createAndMaintainTunnelbrokerSocket` that takes `deviceID` as input. This function internally handles reconnecting in the case of an error or a disconnect When the keyserver starts, we fetch the `deviceID` (just once) and call `createAndMaintainTunnelbrokerSocket` Separately, we'll add code to every place that might change the `deviceID` in the database, and make sure it forces a reconnection with the updated `deviceID` We'll need some way to kill the existing `createAndMaintainTunnelbrokerSocket` instance... either the function can return some sort of handle, or we can use a class instead of a function What do you think?
18	`Promise.all` isn't doing anything here

This revision now requires changes to proceed.Jun 1 2023, 8:41 AM

ashoat added inline comments.Jun 5 2023, 5:09 AM

keyserver/src/socket/tunnelbroker.js
11	Aren't we using the signing key (`ed25519`) for the "device ID", or did I get this wrong? Isn't that the key that is signing the rest of the keys, so it should be considered the "root of trust"?

• jon planned changes to this revision.Jun 20 2023, 7:15 AM

• jon marked 2 inline comments as done.

• jon added inline comments.

keyserver/src/socket/tunnelbroker.js
11	no, you're right. Got confused
14	Yea, sounds good, I'll refactor this.
18	I intended to extend this with grabbing the user_id and access token as well. I'll refactor this to have the local fetching done before attempting the session.