diff --git a/keyserver/Dockerfile b/keyserver/Dockerfile
--- a/keyserver/Dockerfile
+++ b/keyserver/Dockerfile
@@ -134,6 +134,7 @@
# Copy in local dependencies of rust-node-addon
COPY --chown=comm shared/comm-opaque shared/comm-opaque/
+COPY --chown=comm shared/comm-opaque2 shared/comm-opaque2/
COPY --chown=comm shared/tunnelbroker-client shared/tunnelbroker-client/
# Copy protobuf files as a dependency for the shared client libraries
diff --git a/keyserver/addons/rust-node-addon/Cargo.lock b/keyserver/addons/rust-node-addon/Cargo.lock
--- a/keyserver/addons/rust-node-addon/Cargo.lock
+++ b/keyserver/addons/rust-node-addon/Cargo.lock
@@ -104,6 +104,12 @@
"tower-service",
]
+[[package]]
+name = "base16ct"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce"
+
[[package]]
name = "base64"
version = "0.13.1"
@@ -149,6 +155,12 @@
"generic-array",
]
+[[package]]
+name = "bumpalo"
+version = "3.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535"
+
[[package]]
name = "byteorder"
version = "1.4.3"
@@ -172,12 +184,30 @@
version = "0.1.0"
dependencies = [
"argon2",
- "curve25519-dalek",
+ "curve25519-dalek 3.2.0",
"digest 0.9.0",
- "opaque-ke",
- "sha2",
+ "opaque-ke 1.2.0",
+ "sha2 0.9.9",
]
+[[package]]
+name = "comm-opaque2"
+version = "0.2.0"
+dependencies = [
+ "argon2",
+ "log",
+ "opaque-ke 2.0.0",
+ "rand",
+ "tonic",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "const-oid"
+version = "0.9.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "520fbf3c07483f94e3e3ca9d0cfd913d7718ef2483d2cfd91c0d9e91474ab913"
+
[[package]]
name = "constant_time_eq"
version = "0.1.5"
@@ -202,6 +232,18 @@
"libc",
]
+[[package]]
+name = "crypto-bigint"
+version = "0.4.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef"
+dependencies = [
+ "generic-array",
+ "rand_core 0.6.4",
+ "subtle",
+ "zeroize",
+]
+
[[package]]
name = "crypto-common"
version = "0.1.6"
@@ -234,9 +276,9 @@
[[package]]
name = "curve25519-dalek"
-version = "3.2.1"
+version = "3.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "90f9d052967f590a76e62eb387bd0bbb1b000182c3cefe5364db6b7211651bc0"
+checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61"
dependencies = [
"byteorder",
"digest 0.9.0",
@@ -245,6 +287,39 @@
"zeroize",
]
+[[package]]
+name = "curve25519-dalek"
+version = "4.0.0-pre.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4033478fbf70d6acf2655ac70da91ee65852d69daf7a67bf7a2f518fb47aafcf"
+dependencies = [
+ "byteorder",
+ "digest 0.9.0",
+ "rand_core 0.6.4",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "der"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de"
+dependencies = [
+ "const-oid",
+]
+
+[[package]]
+name = "derive-where"
+version = "1.0.0-rc.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d322f2907b2abad3117790c1a54d8f2d64574ba0fbea54cb6c6e66a0e50d99a4"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
[[package]]
name = "digest"
version = "0.9.0"
@@ -282,6 +357,25 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7fcaabb2fef8c910e7f4c7ce9f67a1283a1715879a7c230ca9d6d1ae31f16d91"
+[[package]]
+name = "elliptic-curve"
+version = "0.12.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3"
+dependencies = [
+ "base16ct",
+ "crypto-bigint",
+ "der",
+ "digest 0.10.6",
+ "ff",
+ "generic-array",
+ "group",
+ "rand_core 0.6.4",
+ "sec1",
+ "subtle",
+ "zeroize",
+]
+
[[package]]
name = "fastrand"
version = "1.9.0"
@@ -291,6 +385,16 @@
"instant",
]
+[[package]]
+name = "ff"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160"
+dependencies = [
+ "rand_core 0.6.4",
+ "subtle",
+]
+
[[package]]
name = "fixedbitset"
version = "0.4.2"
@@ -398,6 +502,7 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9"
dependencies = [
+ "serde",
"typenum",
"version_check",
]
@@ -424,6 +529,17 @@
"wasi 0.11.0+wasi-snapshot-preview1",
]
+[[package]]
+name = "group"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7"
+dependencies = [
+ "ff",
+ "rand_core 0.6.4",
+ "subtle",
+]
+
[[package]]
name = "h2"
version = "0.3.15"
@@ -471,7 +587,16 @@
checksum = "01706d578d5c281058480e673ae4086a9f4710d8df1ad80a5b03e39ece5f886b"
dependencies = [
"digest 0.9.0",
- "hmac",
+ "hmac 0.11.0",
+]
+
+[[package]]
+name = "hkdf"
+version = "0.12.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "791a029f6b9fc27657f6f188ec6e5e43f6911f6f878e0dc5501396e09809d437"
+dependencies = [
+ "hmac 0.12.1",
]
[[package]]
@@ -484,6 +609,15 @@
"digest 0.9.0",
]
+[[package]]
+name = "hmac"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
+dependencies = [
+ "digest 0.10.6",
+]
+
[[package]]
name = "http"
version = "0.2.9"
@@ -744,17 +878,39 @@
checksum = "f25e5f1be61b7a94f388368a24739318fe4edd2b841d20d7077a422a5391e22f"
dependencies = [
"constant_time_eq",
- "curve25519-dalek",
+ "curve25519-dalek 3.2.0",
"digest 0.9.0",
"displaydoc",
"generic-array",
- "hkdf",
- "hmac",
+ "hkdf 0.11.0",
+ "hmac 0.11.0",
"rand",
"subtle",
"zeroize",
]
+[[package]]
+name = "opaque-ke"
+version = "2.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "76d410412d23781909d90c3900c5783e830586765f2277bccc78167da8af81a5"
+dependencies = [
+ "argon2",
+ "curve25519-dalek 4.0.0-pre.1",
+ "derive-where",
+ "digest 0.10.6",
+ "displaydoc",
+ "elliptic-curve",
+ "generic-array",
+ "hkdf 0.12.3",
+ "hmac 0.12.1",
+ "rand",
+ "serde",
+ "subtle",
+ "voprf",
+ "zeroize",
+]
+
[[package]]
name = "password-hash"
version = "0.4.2"
@@ -980,11 +1136,12 @@
version = "0.1.0"
dependencies = [
"comm-opaque",
+ "comm-opaque2",
"lazy_static",
"napi",
"napi-build",
"napi-derive",
- "opaque-ke",
+ "opaque-ke 1.2.0",
"prost",
"rand",
"serde",
@@ -1009,6 +1166,19 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f91339c0467de62360649f8d3e185ca8de4224ff281f66000de5eb2a77a79041"
+[[package]]
+name = "sec1"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928"
+dependencies = [
+ "base16ct",
+ "der",
+ "generic-array",
+ "subtle",
+ "zeroize",
+]
+
[[package]]
name = "serde"
version = "1.0.152"
@@ -1053,6 +1223,17 @@
"opaque-debug",
]
+[[package]]
+name = "sha2"
+version = "0.10.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest 0.10.6",
+]
+
[[package]]
name = "slab"
version = "0.4.8"
@@ -1385,6 +1566,25 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
+[[package]]
+name = "voprf"
+version = "0.4.0-pre.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "081acbe8fcf05d5e8e2aad8ef3d40e02eddeaec07c75a9770d862a0fc0874322"
+dependencies = [
+ "curve25519-dalek 4.0.0-pre.1",
+ "derive-where",
+ "digest 0.10.6",
+ "displaydoc",
+ "elliptic-curve",
+ "generic-array",
+ "rand_core 0.6.4",
+ "serde",
+ "sha2 0.10.6",
+ "subtle",
+ "zeroize",
+]
+
[[package]]
name = "want"
version = "0.3.0"
@@ -1407,6 +1607,60 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
+[[package]]
+name = "wasm-bindgen"
+version = "0.2.84"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b"
+dependencies = [
+ "cfg-if",
+ "wasm-bindgen-macro",
+]
+
+[[package]]
+name = "wasm-bindgen-backend"
+version = "0.2.84"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9"
+dependencies = [
+ "bumpalo",
+ "log",
+ "once_cell",
+ "proc-macro2",
+ "quote",
+ "syn",
+ "wasm-bindgen-shared",
+]
+
+[[package]]
+name = "wasm-bindgen-macro"
+version = "0.2.84"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5"
+dependencies = [
+ "quote",
+ "wasm-bindgen-macro-support",
+]
+
+[[package]]
+name = "wasm-bindgen-macro-support"
+version = "0.2.84"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+ "wasm-bindgen-backend",
+ "wasm-bindgen-shared",
+]
+
+[[package]]
+name = "wasm-bindgen-shared"
+version = "0.2.84"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d"
+
[[package]]
name = "which"
version = "4.4.0"
@@ -1523,9 +1777,9 @@
[[package]]
name = "zeroize"
-version = "1.3.0"
+version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4756f7db3f7b5574938c3eb1c117038b8e07f95ee6718c0efad4ac21508f1efd"
+checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9"
dependencies = [
"zeroize_derive",
]
diff --git a/keyserver/addons/rust-node-addon/Cargo.toml b/keyserver/addons/rust-node-addon/Cargo.toml
--- a/keyserver/addons/rust-node-addon/Cargo.toml
+++ b/keyserver/addons/rust-node-addon/Cargo.toml
@@ -22,6 +22,7 @@
tracing = "0.1"
prost = "0.11"
comm-opaque = {path = "../../../shared/comm-opaque"}
+comm-opaque2 = {path = "../../../shared/comm-opaque2"}
lazy_static = "1.4"
tunnelbroker-client = {path = "../../../shared/tunnelbroker-client"}
serde_json = "1.0"
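Review bot: The `comm-opaque2` path dependency added on the new line pulls pre-release crates into the keyserver build — the lockfile hunks on this page record `curve25519-dalek 4.0.0-pre.1`, `voprf 0.4.0-pre.3` and `derive-where 1.0.0-rc.3` as transitive dependencies of `opaque-ke 2.0.0`. Pre-release versions carry no stability guarantee and a routine `cargo update` can move them, so the reason should at least be recorded next to this line, e.g. `# comm-opaque2 -> opaque-ke 2.0.0 currently requires pre-release dalek/voprf crates; pinned in the lockfile`, with exact pins living in comm-opaque2's own manifest (not part of this diff). The lockfile also now carries two versions each of `hmac`, `hkdf`, `sha2` and `curve25519-dalek` while `comm-opaque` and `comm-opaque2` coexist; a follow-up that retires the old crate would shrink the dependency tree.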
diff --git a/keyserver/addons/rust-node-addon/build.rs b/keyserver/addons/rust-node-addon/build.rs
--- a/keyserver/addons/rust-node-addon/build.rs
+++ b/keyserver/addons/rust-node-addon/build.rs
@@ -2,6 +2,14 @@
fn main() {
napi_build::setup();
- tonic_build::compile_protos("../../../shared/protos/identity.proto")
+ tonic_build::configure()
+ .build_server(false)
+ .compile(
+ &[
+ "../../../shared/protos/identity_client.proto",
+ "../../../shared/protos/identity.proto",
+ ],
+ &["../../../shared/protos"],
+ )
.unwrap_or_else(|e| panic!("Failed to compile protos {:?}", e));
}
diff --git a/keyserver/addons/rust-node-addon/rust-binding-types.js b/keyserver/addons/rust-node-addon/rust-binding-types.js
--- a/keyserver/addons/rust-node-addon/rust-binding-types.js
+++ b/keyserver/addons/rust-node-addon/rust-binding-types.js
@@ -20,13 +20,22 @@
+usersMissingFromIdentity: $ReadOnlyArray<string>,
};
+type DeviceKeys = {
+ +keyPayload: string,
+ +keyPayloadSignature: string,
+ +identityPrekey: string,
+ +identityPrekeySignature: string,
+ +notifPrekey: string,
+ +notifPrekeySignature: string,
+ +identityOnetimeKeys: $ReadOnlyArray<string>,
+ +notifOnetimeKeys: $ReadOnlyArray<string>,
+};
+
type RustNativeBindingAPI = {
+registerUser: (
- userId: string,
- signingPublicKey: string,
username: string,
password: string,
- sessionInitializationInfo: SignedIdentityKeysBlob,
+ deviceKeys: DeviceKeys,
) => Promise<string>,
+loginUserPake: (
userId: string,
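Review bot: `registerUser`'s declared return type is still `Promise<string>` on the context line in this hunk, but the Rust implementation in the register_user.rs hunk now returns `Result<()>` and its closing comment says the access token is no longer returned, so the promise resolves to `undefined` and Flow will not flag callers that treat the result as a string. Change the signature's tail to `) => Promise<void>,`. The `RustNativeBindingAPI` type continues past the end of this hunk.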
@@ -50,4 +59,4 @@
+TunnelbrokerClient: Class<TunnelbrokerClientClass>,
};
-export type { RustNativeBindingAPI };
+export type { RustNativeBindingAPI, DeviceKeys };
diff --git a/keyserver/addons/rust-node-addon/src/identity_client/mod.rs b/keyserver/addons/rust-node-addon/src/identity_client/mod.rs
--- a/keyserver/addons/rust-node-addon/src/identity_client/mod.rs
+++ b/keyserver/addons/rust-node-addon/src/identity_client/mod.rs
@@ -5,6 +5,9 @@
pub mod identity {
tonic::include_proto!("identity.keyserver");
}
+pub mod identity_client {
+ tonic::include_proto!("identity.client");
+}
pub mod update_user;
use comm_opaque::Cipher;
@@ -17,29 +20,24 @@
pake_login_request::Data::PakeCredentialFinalization as LoginPakeCredentialFinalization,
pake_login_request::Data::PakeCredentialRequestAndUserId,
pake_login_response::Data::AccessToken,
- pake_login_response::Data::PakeCredentialResponse,
- registration_request::Data::PakeCredentialFinalization as RegistrationPakeCredentialFinalization,
- registration_request::Data::PakeRegistrationRequestAndUserId,
- registration_request::Data::PakeRegistrationUploadAndCredentialRequest,
- registration_response::Data::PakeLoginResponse as RegistrationPakeLoginResponse,
- registration_response::Data::PakeRegistrationResponse, CompareUsersRequest,
+ pake_login_response::Data::PakeCredentialResponse, CompareUsersRequest,
DeleteUserRequest, LoginRequest, LoginResponse,
PakeCredentialRequestAndUserId as PakeCredentialRequestAndUserIdStruct,
PakeLoginRequest as PakeLoginRequestStruct,
- PakeLoginResponse as PakeLoginResponseStruct,
- PakeRegistrationRequestAndUserId as PakeRegistrationRequestAndUserIdStruct,
- PakeRegistrationUploadAndCredentialRequest as PakeRegistrationUploadAndCredentialRequestStruct,
- RegistrationRequest, RegistrationResponse as RegistrationResponseMessage,
- SessionInitializationInfo, WalletLoginRequest as WalletLoginRequestStruct,
+ PakeLoginResponse as PakeLoginResponseStruct, SessionInitializationInfo,
+ WalletLoginRequest as WalletLoginRequestStruct,
WalletLoginResponse as WalletLoginResponseStruct,
};
+use identity_client::identity_client_service_client::IdentityClientServiceClient;
+use identity_client::{
+ DeviceKeyUpload, IdentityKeyInfo, RegistrationFinishRequest,
+ RegistrationStartRequest,
+};
use lazy_static::lazy_static;
use napi::bindgen_prelude::*;
use opaque_ke::{
ClientLogin, ClientLoginFinishParameters, ClientLoginStartParameters,
- ClientLoginStartResult, ClientRegistration,
- ClientRegistrationFinishParameters, CredentialFinalization,
- CredentialResponse, RegistrationResponse, RegistrationUpload,
+ ClientLoginStartResult, CredentialFinalization, CredentialResponse,
};
use rand::{rngs::OsRng, CryptoRng, Rng};
use serde::{Deserialize, Serialize};
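Review bot: With the registration helpers removed from register_user.rs, the imports kept as context here — `Cipher`, `SessionInitializationInfo`, `CryptoRng` and `Rng` — may no longer have a user in this module tree; if the remaining submodules (login, update_user) do not reference them, rustc will emit unused-import warnings for this file. That cannot be confirmed from this hunk because those modules are not in the diff, so please check the build output and drop whichever of these are now dead.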
@@ -137,3 +135,15 @@
)
})
}
+
+#[napi(object)]
+pub struct DeviceKeys {
+ pub key_payload: String,
+ pub key_payload_signature: String,
+ pub identity_prekey: String,
+ pub identity_prekey_signature: String,
+ pub notif_prekey: String,
+ pub notif_prekey_signature: String,
+ pub identity_onetime_keys: Vec<String>,
+ pub notif_onetime_keys: Vec<String>,
+}
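Review bot: `DeviceKeys` is a public `#[napi(object)]` type crossing the JS/Rust boundary but carries no doc comments, so a reader has to open register_user.rs to learn that it is unpacked into a `DeviceKeyUpload` for the Identity service. Add a `///` comment on the struct, e.g. `/// Device key material supplied by the keyserver's JS side and forwarded to the Identity service as a DeviceKeyUpload during registration.`, and document on each `*_signature` field what it is expected to be a signature over, and on the `*_onetime_keys` vectors that callers may pass them empty (both JS call sites in this diff do). Stating those contracts here, rather than leaving them implicit in the field names, is what lets the Identity service's validation expectations be checked against what the keyserver actually sends.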
diff --git a/keyserver/addons/rust-node-addon/src/identity_client/register_user.rs b/keyserver/addons/rust-node-addon/src/identity_client/register_user.rs
--- a/keyserver/addons/rust-node-addon/src/identity_client/register_user.rs
+++ b/keyserver/addons/rust-node-addon/src/identity_client/register_user.rs
@@ -3,18 +3,17 @@
#[napi]
#[instrument(skip_all)]
pub async fn register_user(
- user_id: String,
- signing_public_key: String,
username: String,
password: String,
- session_initialization_info: HashMap<String, String>,
-) -> Result<String> {
+ device_keys: DeviceKeys,
+) -> Result<()> {
+ // Set up the gRPC client that will be used to talk to the Identity service
let channel = get_identity_service_channel().await?;
let token: MetadataValue<_> = IDENTITY_SERVICE_CONFIG
.identity_auth_token
.parse()
.map_err(|_| Error::from_status(Status::GenericFailure))?;
- let mut identity_client = IdentityKeyserverServiceClient::with_interceptor(
+ let mut identity_client = IdentityClientServiceClient::with_interceptor(
channel,
|mut req: Request<()>| {
req.metadata_mut().insert("authorization", token.clone());
@@ -22,209 +21,59 @@
},
);
- // Create a RegistrationRequest channel and use ReceiverStream to turn the
- // MPSC receiver into a Stream for outbound messages
- let (tx, rx) = mpsc::channel(1);
- let stream = ReceiverStream::new(rx);
- let request = Request::new(stream);
+ // Start OPAQUE registration and send initial registration request
+ let mut opaque_registration = comm_opaque2::client::Registration::new();
+ let opaque_registration_request = opaque_registration
+ .start(&password)
+ .map_err(|_| Error::from_status(Status::GenericFailure))?;
+ let device_key_upload = DeviceKeyUpload {
+ device_key_info: Some(IdentityKeyInfo {
+ payload: device_keys.key_payload,
+ payload_signature: device_keys.key_payload_signature,
+ social_proof: None,
+ }),
+ identity_upload: Some(identity_client::PreKey {
+ pre_key: device_keys.identity_prekey,
+ pre_key_signature: device_keys.identity_prekey_signature,
+ }),
+ notif_upload: Some(identity_client::PreKey {
+ pre_key: device_keys.notif_prekey,
+ pre_key_signature: device_keys.notif_prekey_signature,
+ }),
+ onetime_identity_prekeys: device_keys.identity_onetime_keys,
+ onetime_notif_prekeys: device_keys.notif_onetime_keys,
+ };
+ let registration_start_request = Request::new(RegistrationStartRequest {
+ opaque_registration_request,
+ username,
+ device_key_upload: Some(device_key_upload),
+ });
- // `response` is the Stream for inbound messages
- let mut response = identity_client
- .register_user(request)
+ // Finish OPAQUE registration and send final registration request
+ let registration_start_response = identity_client
+ .register_password_user_start(registration_start_request)
.await
.map_err(|_| Error::from_status(Status::GenericFailure))?
.into_inner();
- // Start PAKE registration on client and send initial registration request
- // to Identity service
- let mut client_rng = OsRng;
- let (registration_request, client_registration) = pake_registration_start(
- &mut client_rng,
- user_id,
- signing_public_key,
- &password,
- username,
- SessionInitializationInfo {
- info: session_initialization_info,
- },
- )?;
- send_to_mpsc(tx.clone(), registration_request).await?;
-
- // Handle responses from Identity service sequentially, making sure we get
- // messages in the correct order
-
- // Finish PAKE registration and begin PAKE login; send the final
- // registration request and initial login request together to reduce the
- // number of trips
- let message = response
- .message()
- .await
+ let opaque_registration_upload = opaque_registration
+ .finish(
+ &password,
+ ®istration_start_response.opaque_registration_response,
+ )
.map_err(|_| Error::from_status(Status::GenericFailure))?;
- let client_login = handle_registration_response(
- message,
- &mut client_rng,
- client_registration,
- &password,
- tx.clone(),
- )
- .await?;
- // Finish PAKE login; send final login request to Identity service
- let message = response
- .message()
- .await
- .map_err(|_| Error::from_status(Status::GenericFailure))?;
- handle_registration_credential_response(message, client_login, tx)
- .await
- .map_err(|_| Error::from_status(Status::GenericFailure))?;
+ let registration_finish_request = Request::new(RegistrationFinishRequest {
+ session_id: registration_start_response.session_id,
+ opaque_registration_upload,
+ });
- // Return access token
- let message = response
- .message()
+ identity_client
+ .register_password_user_finish(registration_finish_request)
.await
- .map_err(|_| Error::from_status(Status::GenericFailure))?;
- handle_registration_token_response(message)
-}
-
-async fn handle_registration_response(
- message: Option<RegistrationResponseMessage>,
- client_rng: &mut (impl Rng + CryptoRng),
- client_registration: ClientRegistration<Cipher>,
- password: &str,
- tx: mpsc::Sender<RegistrationRequest>,
-) -> Result<ClientLogin<Cipher>> {
- if let Some(RegistrationResponseMessage {
- data: Some(PakeRegistrationResponse(registration_response_bytes)),
- ..
- }) = message
- {
- let pake_registration_upload = pake_registration_finish(
- client_rng,
- ®istration_response_bytes,
- client_registration,
- )?
- .serialize();
- let client_login_start_result = pake_login_start(client_rng, password)?;
-
- // `registration_request` is a gRPC message containing serialized bytes to
- // complete PAKE registration and begin PAKE login
- let registration_request = RegistrationRequest {
- data: Some(PakeRegistrationUploadAndCredentialRequest(
- PakeRegistrationUploadAndCredentialRequestStruct {
- pake_registration_upload,
- pake_credential_request: client_login_start_result
- .message
- .serialize()
- .map_err(|e| {
- error!("Could not serialize credential request: {}", e);
- Error::from_status(Status::GenericFailure)
- })?,
- },
- )),
- };
- send_to_mpsc(tx, registration_request).await?;
- Ok(client_login_start_result.state)
- } else {
- Err(handle_unexpected_response(message))
- }
-}
-
-async fn handle_registration_credential_response(
- message: Option<RegistrationResponseMessage>,
- client_login: ClientLogin<Cipher>,
- tx: mpsc::Sender<RegistrationRequest>,
-) -> Result<()> {
- if let Some(RegistrationResponseMessage {
- data:
- Some(RegistrationPakeLoginResponse(PakeLoginResponseStruct {
- data: Some(PakeCredentialResponse(credential_response_bytes)),
- })),
- }) = message
- {
- let registration_request = RegistrationRequest {
- data: Some(RegistrationPakeCredentialFinalization(
- pake_login_finish(&credential_response_bytes, client_login)?
- .serialize()
- .map_err(|e| {
- error!("Could not serialize credential request: {}", e);
- Error::from_status(Status::GenericFailure)
- })?,
- )),
- };
- send_to_mpsc(tx, registration_request).await
- } else {
- Err(handle_unexpected_response(message))
- }
-}
-
-fn handle_registration_token_response(
- message: Option<RegistrationResponseMessage>,
-) -> Result<String> {
- if let Some(RegistrationResponseMessage {
- data:
- Some(RegistrationPakeLoginResponse(PakeLoginResponseStruct {
- data: Some(AccessToken(access_token)),
- })),
- }) = message
- {
- Ok(access_token)
- } else {
- Err(handle_unexpected_response(message))
- }
-}
-
-fn pake_registration_start(
- rng: &mut (impl Rng + CryptoRng),
- user_id: String,
- signing_public_key: String,
- password: &str,
- username: String,
- session_initialization_info: SessionInitializationInfo,
-) -> Result<(RegistrationRequest, ClientRegistration<Cipher>)> {
- let client_registration_start_result =
- ClientRegistration::<Cipher>::start(rng, password.as_bytes()).map_err(
- |e| {
- error!("Failed to start PAKE registration: {}", e);
- Error::from_status(Status::GenericFailure)
- },
- )?;
- let pake_registration_request =
- client_registration_start_result.message.serialize();
- Ok((
- RegistrationRequest {
- data: Some(PakeRegistrationRequestAndUserId(
- PakeRegistrationRequestAndUserIdStruct {
- user_id,
- pake_registration_request,
- username,
- signing_public_key,
- session_initialization_info: Some(session_initialization_info),
- },
- )),
- },
- client_registration_start_result.state,
- ))
-}
+ .map_err(|_| Error::from_status(Status::GenericFailure))?
+ .into_inner();
-fn pake_registration_finish(
- rng: &mut (impl Rng + CryptoRng),
- registration_response_bytes: &[u8],
- client_registration: ClientRegistration<Cipher>,
-) -> Result<RegistrationUpload<Cipher>> {
- client_registration
- .finish(
- rng,
- RegistrationResponse::deserialize(registration_response_bytes).map_err(
- |e| {
- error!("Could not deserialize registration response bytes: {}", e);
- Error::from_status(Status::GenericFailure)
- },
- )?,
- ClientRegistrationFinishParameters::default(),
- )
- .map_err(|e| {
- error!("Failed to finish PAKE registration: {}", e);
- Error::from_status(Status::GenericFailure)
- })
- .map(|res| res.message)
+ // Keyserver doesn't need the access token, so we just return unit
+ Ok(())
}
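Review bot: Both OPAQUE steps — `opaque_registration.start(&password)` and `opaque_registration.finish(...)` — and the two gRPC calls map their errors with `|_| Error::from_status(Status::GenericFailure)`, discarding the cause; the removed helpers logged each failure with `error!` before converting it, so this rewrite loses the only diagnostic an operator would have when registration against the Identity service fails. Keep the logging inside the closures, e.g. `.map_err(|e| { error!("Failed to start OPAQUE registration: {:?}", e); Error::from_status(Status::GenericFailure) })?` for `start`, and likewise for `finish` and the `register_password_user_start`/`register_password_user_finish` calls. The final `.into_inner()` result of the finish call is evaluated and dropped; binding it to `_` or adding a comment that the finish response carries nothing the keyserver needs would make that intent explicit. The enclosing `register_user` begins in the previous hunk.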
diff --git a/keyserver/src/creators/account-creator.js b/keyserver/src/creators/account-creator.js
--- a/keyserver/src/creators/account-creator.js
+++ b/keyserver/src/creators/account-creator.js
@@ -17,16 +17,14 @@
RegisterResponse,
RegisterRequest,
} from 'lib/types/account-types.js';
-import type {
- SignedIdentityKeysBlob,
- IdentityKeysBlob,
-} from 'lib/types/crypto-types.js';
+import type { SignedIdentityKeysBlob } from 'lib/types/crypto-types.js';
import type {
PlatformDetails,
DeviceTokenUpdateRequest,
} from 'lib/types/device-types.js';
import type { CalendarQuery } from 'lib/types/entry-types.js';
import { messageTypes } from 'lib/types/message-types.js';
+import type { DeviceKeys } from 'lib/types/rust-binding-types.js';
import type { SIWESocialProof } from 'lib/types/siwe-types.js';
import { threadTypes } from 'lib/types/thread-types.js';
import { ServerError } from 'lib/utils/errors.js';
@@ -197,19 +195,24 @@
];
if (signedIdentityKeysBlob) {
- const identityKeys: IdentityKeysBlob = JSON.parse(
- signedIdentityKeysBlob.payload,
- );
+ const deviceKeys: DeviceKeys = {
+ keyPayload: signedIdentityKeysBlob.payload,
+ keyPayloadSignature: signedIdentityKeysBlob.signature,
+ identityPrekey: '',
+ identityPrekeySignature: '',
+ notifPrekey: '',
+ notifPrekeySignature: '',
+ identityOnetimeKeys: [],
+ notifOnetimeKeys: [],
+ };
handleAsyncPromise(
(async () => {
const rustAPI = await getRustAPI();
await rustAPI.registerUser(
- id,
- identityKeys.primaryIdentityPublicKeys.ed25519,
request.username,
request.password,
- signedIdentityKeysBlob,
+ deviceKeys,
);
})(),
);
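Review bot: The `deviceKeys` literal built here — empty strings for every prekey and prekey signature, empty one-time key arrays — is duplicated verbatim in the user-responders.js hunk; extract one helper such as `deviceKeysFromSignedBlob(signedIdentityKeysBlob: SignedIdentityKeysBlob): DeviceKeys` in a shared module so both call sites change together when real prekeys are added. A comment on the placeholders is also needed, e.g. `// Prekeys and one-time keys are not generated keyserver-side yet; sending empty placeholders — confirm the Identity service accepts these`. Whether the Identity service tolerates empty prekey signatures cannot be determined from this diff, and since registration here runs inside `handleAsyncPromise` the caller will not see a rejection, so that assumption should be verified before merge. The enclosing function continues outside the hunk.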
diff --git a/keyserver/src/responders/user-responders.js b/keyserver/src/responders/user-responders.js
--- a/keyserver/src/responders/user-responders.js
+++ b/keyserver/src/responders/user-responders.js
@@ -36,6 +36,7 @@
} from 'lib/types/crypto-types.js';
import type { CalendarQuery } from 'lib/types/entry-types.js';
import { defaultNumberPerThread } from 'lib/types/message-types.js';
+import type { DeviceKeys } from 'lib/types/rust-binding-types';
import type {
SIWEAuthRequest,
SIWEMessage,
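Review bot: The added import uses `'lib/types/rust-binding-types'` without the `.js` extension, while every neighbouring import in this hunk (`crypto-types.js`, `entry-types.js`, `message-types.js`) and the same import in the account-creator.js hunk carries it. Make it `import type { DeviceKeys } from 'lib/types/rust-binding-types.js';` so module resolution stays consistent across the file.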
@@ -445,13 +446,17 @@
);
} catch (e) {
if (e.code === 'InvalidArg' && e.message === 'user not found') {
- await rustAPI.registerUser(
- id,
- constIdentityKeys.primaryIdentityPublicKeys.ed25519,
- username,
- request.password,
- signedIdentityKeysBlob,
- );
+ const deviceKeys: DeviceKeys = {
+ keyPayload: signedIdentityKeysBlob.payload,
+ keyPayloadSignature: signedIdentityKeysBlob.signature,
+ identityPrekey: '',
+ identityPrekeySignature: '',
+ notifPrekey: '',
+ notifPrekeySignature: '',
+ identityOnetimeKeys: [],
+ notifOnetimeKeys: [],
+ };
+ await rustAPI.registerUser(username, request.password, deviceKeys);
} else {
throw e;
}
D7356: [keyserver] update registerUser function