
[Identity] Add uploadOneTimeKeys to auth service
Closed, Public

Authored by jon on Aug 31 2023, 8:41 PM.

Details

Summary

This endpoint should only be available to devices
which have authenticated. Also simplifies the logic
significantly.

https://linear.app/comm/issue/ENG-4536

Test Plan
cd services/identity
cargo build
  • Could change the identity_one_time_keys test to hit this endpoint as well

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

bartek added inline comments.
shared/protos/identity_authenticated.proto
33–35 ↗(On Diff #30683)

Are one-time keys and pre-keys equivalent terms?

This revision is now accepted and ready to land. Sep 1 2023, 12:22 AM

Also, are you going to remove upload_one_time_keys() from unauthenticated client service?

> Also, are you going to remove upload_one_time_keys() from unauthenticated client service?

Existing logic would need to be updated for keyserver, and the integration tests would need to be changed as well.

In the future, it should be removed, I just won't be around for when it's possible.

shared/protos/identity_authenticated.proto
33–35 ↗(On Diff #30683)

No.

Three keys are needed for X3DH sessions:

  • Identity Key
  • PreKey (rotated periodically, currently monthly)
  • One-Time PreKey (consumed for each new session).

The shorter lifetimes of each subsequent key are meant to prevent malicious actors from being able to re-create sessions in the future if certain keys are compromised.
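
The key lifecycle from the comment above and the authenticated-only upload from the summary, as an added Rust sketch that is not code from the Comm repository: uploads are rejected unless the caller authenticated as the owning device, and each one-time key is handed out exactly once. `DeviceKeys`, `KeyBundle`, `sample_device` and the `caller` parameter are hypothetical names, and the key strings are constructed placeholders rather than real key material.

```rust
use std::collections::VecDeque;

// Hypothetical model of the keys one device publishes; values are constructed placeholders.
struct DeviceKeys {
    device_id: String,
    identity_key: String,            // long-lived
    prekey: String,                  // rotated periodically
    one_time_keys: VecDeque<String>, // each one used for a single new session
}

#[derive(Debug, PartialEq)]
struct KeyBundle {
    identity_key: String,
    prekey: String,
    one_time_key: Option<String>, // None when the pool is empty
}

impl DeviceKeys {
    // `caller` stands in for the device id that the auth layer verified (assumption).
    fn upload_one_time_keys(&mut self, caller: Option<&str>, keys: &[&str])
        -> Result<usize, &'static str> {
        if caller != Some(self.device_id.as_str()) {
            return Err("caller is not authenticated as this device");
        }
        self.one_time_keys.extend(keys.iter().map(|k| k.to_string()));
        Ok(self.one_time_keys.len())
    }

    // Removes the one-time key it returns, so no two sessions are given the same one.
    fn fetch_bundle(&mut self) -> KeyBundle {
        KeyBundle {
            identity_key: self.identity_key.clone(),
            prekey: self.prekey.clone(),
            one_time_key: self.one_time_keys.pop_front(),
        }
    }
}

fn sample_device() -> DeviceKeys {
    let (device_id, identity_key, prekey) = ("device-a".into(), "IK-a".into(), "SPK-a".into());
    DeviceKeys { device_id, identity_key, prekey, one_time_keys: VecDeque::new() }
}

fn main() {
    let mut dev = sample_device();
    println!("{:?}", dev.upload_one_time_keys(None, &["OTK-1"]));
    println!("{:?}", dev.upload_one_time_keys(Some("device-a"), &["OTK-1"]));
    println!("{:?} then {:?}", dev.fetch_bundle(), dev.fetch_bundle());
}
```

Once the pool is empty the bundle carries no one-time key, which X3DH permits; sessions set up that way rely on the identity key and prekey alone until the device uploads more.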