Page MenuHomePhabricator
Differential D9059

[Identity] Add uploadOneTimeKeys to auth service
ClosedPublic
Actions

Authored by jon on Aug 31 2023, 8:41 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Apr 14, 6:59 AM
Unknown Object (File)
Mar 13 2024, 4:36 PM
Unknown Object (File)
Mar 6 2024, 6:47 AM
Unknown Object (File)
Mar 6 2024, 6:47 AM
Unknown Object (File)
Mar 6 2024, 6:47 AM
Unknown Object (File)
Mar 6 2024, 6:41 AM
Unknown Object (File)
Feb 21 2024, 5:19 PM
Unknown Object (File)
Dec 12 2023, 1:06 PM
View All 14 Files
Subscribers
ashoat
tomek

Details

Reviewers
bartek
varun
Commits
rCOMMfeb17195f145: [Identity] Add uploadOneTimeKeys to auth service
Summary

This endpoint should only be available to devices
which have authenticated. Also simplifies the the logic
signficantly.

https://linear.app/comm/issue/ENG-4536

Test Plan
cd services/identity
cargo build
  • Could change the identity_one_time_keys test to hit this endpoint as well

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jon created this revision.Aug 31 2023, 8:41 PM
Herald added subscribers: tomek, ashoat. · View Herald TranscriptAug 31 2023, 8:41 PM
Harbormaster completed remote builds in B22331: Diff 30683.Aug 31 2023, 8:59 PM
jon requested review of this revision.Aug 31 2023, 8:59 PM
bartek accepted this revision.Sep 1 2023, 12:22 AM
bartek added inline comments.
shared/protos/identity_authenticated.proto
33–35 ↗(On Diff #30683)

Are one-time keys and pre-keys equivalent terms?

This revision is now accepted and ready to land.Sep 1 2023, 12:22 AM
bartek added a comment.Sep 1 2023, 12:24 AM

Also, are you going to remove upload_one_time_keys() from unauthenticated client service?

jon added a comment.Sep 3 2023, 5:58 PM

Also, are you going to remove upload_one_time_keys() from unauthenticated client service?

Existing logic would need to be updated for keyserver, and the integration tests would need to be changed as well.

In the future, it should be removed, I just won't be around for when it's possible.

shared/protos/identity_authenticated.proto
33–35 ↗(On Diff #30683)

No.

Three keys are needed for X3DH sessions:

  • Identity Key
  • PreKey (rotated periodically, currently monthly)
  • One-Time PreKey (consumed for each new sesion).

The shorter lifetimes of each subsequent key is meant to prevent malicious actors from being able to re-create sessions in the future if certain keys are compromised.

jon marked an inline comment as done.Sep 3 2023, 6:00 PM
Closed by commit rCOMMfeb17195f145: [Identity] Add uploadOneTimeKeys to auth service (authored by jon). · Explain WhySep 3 2023, 6:05 PM
This revision was automatically updated to reflect the committed changes.
jon added a commit: rCOMMfeb17195f145: [Identity] Add uploadOneTimeKeys to auth service.
bartek mentioned this in D9928: [identity] Delete unauthenticated UploadOneTimeKeys RPC.Nov 20 2023, 4:15 AM
bartek mentioned this in rCOMMa4da1e841133: [identity] Delete unauthenticated UploadOneTimeKeys RPC.Dec 4 2023, 2:42 AM

Revision Contents
Changeset List

PathSize
services/
identity/
src/
grpc_services/
22 lines
shared/
protos/
12 lines

Diff 30713

View Options

services/identity/src/grpc_services/authenticated.rs

Loading...
View Options

shared/protos/identity_authenticated.proto

Loading...