
[Identity] Script to generate and persist a server keypair for PAKE
ClosedPublic

Authored by varun on Apr 20 2022, 9:20 PM.
Tags
None

Details

Summary

Depends on D3747

The Identity service will need to persist a keypair to use for PAKE registration and login. We use the ciphersuite implementation from our common library to generate a random keypair, then write the secret key (public key can be derived from this) to secrets/secret_key.

Test Plan

Ran the keygen executable a couple times to make sure the directory is created if it doesn't exist and the file contents are overwritten each time

varun@varuns-MBP identity % ./target/debug/keygen
Creating secrets directory "/Users/varun/Code/comm/services/identity/secrets"
Writing secret key to "/Users/varun/Code/comm/services/identity/secrets/secret_key"
varun@varuns-MBP identity % ./target/debug/keygen
Writing secret key to "/Users/varun/Code/comm/services/identity/secrets/secret_key"
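
As an added example (not the code from this revision or from the Comm repository), here is one way to persist the secret key described above so that the file is owner-readable only and is replaced atomically on each run. `persist_secret_key`, `mode_of`, the optional directory argument and the `/dev/urandom` bytes standing in for the ciphersuite keypair are assumptions; the code is Unix-only and uses only the standard library.

```rust
use std::fs::{self, DirBuilder, File, OpenOptions};
use std::io::{self, Read, Write};
use std::os::unix::fs::{DirBuilderExt, OpenOptionsExt, PermissionsExt};
use std::path::{Path, PathBuf};

/// Writes `secret` to `<dir>/secret_key`, creating `dir` if it is missing and
/// replacing any key already there. Returns the path that was written.
pub fn persist_secret_key(dir: &Path, secret: &[u8]) -> io::Result<PathBuf> {
    // 0700 on newly created directories: only the service user can enter them.
    // With recursive(true) an existing directory is accepted as-is.
    DirBuilder::new().recursive(true).mode(0o700).create(dir)?;
    let final_path = dir.join("secret_key");
    let tmp_path = dir.join("secret_key.tmp");
    // Clear a temp file left by an interrupted run so create_new can succeed.
    match fs::remove_file(&tmp_path) {
        Err(e) if e.kind() != io::ErrorKind::NotFound => return Err(e),
        _ => {}
    }
    // create_new + mode(0o600): the file is created owner-only, so the key is
    // never world-readable, not even between creation and a later chmod.
    let mut tmp = OpenOptions::new()
        .write(true)
        .create_new(true)
        .mode(0o600)
        .open(&tmp_path)?;
    tmp.write_all(secret)?;
    tmp.sync_all()?;
    // rename() within one directory is atomic: readers see the old key or the
    // new key, never a partially written file.
    fs::rename(&tmp_path, &final_path)?;
    Ok(final_path)
}

/// Permission bits of `path` (e.g. 0o600), for checking the result.
pub fn mode_of(path: &Path) -> io::Result<u32> {
    Ok(fs::metadata(path)?.permissions().mode() & 0o777)
}

fn main() -> io::Result<()> {
    // Constructed stand-in for the ciphersuite keypair: 32 random bytes.
    let mut secret = [0u8; 32];
    File::open("/dev/urandom")?.read_exact(&mut secret)?;
    // Hypothetical CLI: optional first argument overrides the directory.
    let dir = std::env::args().nth(1).unwrap_or_else(|| "secrets".to_string());
    let path = persist_secret_key(Path::new(&dir), &secret)?;
    println!("Writing secret key to {:?}", path);
    Ok(())
}
```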

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

Harbormaster returned this revision to the author for changes because remote builds failed. Apr 20 2022, 9:22 PM
Harbormaster failed remote builds in B8378: Diff 11690!
varun requested review of this revision. Apr 21 2022, 6:35 AM

Services Build failed because the compiler couldn't find lib.rs which was introduced in the previous diff in the stack

ashoat requested changes to this revision. Apr 22 2022, 6:11 AM

Services Build failed because the compiler couldn't find lib.rs which was introduced in the previous diff in the stack

That means that the branch you pushed didn't actually include the previous diff in the stack. Can you rebase your branch so that the dependency is actually there? (Let me know if I'm misunderstanding something)

This revision now requires changes to proceed. Apr 22 2022, 6:11 AM

Services Build failed because the compiler couldn't find lib.rs which was introduced in the previous diff in the stack

That means that the branch you pushed didn't actually include the previous diff in the stack. Can you rebase your branch so that the dependency is actually there? (Let me know if I'm misunderstanding something)

Oh wait I misread the buildkite error... the issue is that I forgot to update the Dockerfile

Update Dockerfile to work with updated Cargo.toml

jim requested changes to this revision. Apr 26 2022, 9:48 AM

I think you should just make a proper CLI for starting the service with one subcommand "server" or something to start the server and "keygen" to run your script. Instead of having a separate binary.

services/identity/Cargo.toml, line 6

Why is this necessary?

services/identity/Dockerfile, line 12

Huh? Just make this an actual source file if you need it. You'll want it eventually.

services/identity/scripts/keygen.rs, line 9

This should be configurable via command-line flag. I think you should just use clap to make it a proper CLI.

This revision now requires changes to proceed. Apr 26 2022, 9:48 AM
varun added inline comments.
services/identity/Cargo.toml, line 6

There was some common code between the two binaries so in D3747 I moved that stuff to a library. I'm going to make a proper CLI so can probably move everything back to a single binary now.

services/identity/Dockerfile, line 12

We copy over the actual lib.rs on line 18. This is just for dependency caching to work. I'm removing the library anyway so this line won't be in the next revision

services/identity/scripts/keygen.rs, line 9

makes sense, will use clap

Add newline at end of Dockerfile

This revision is now accepted and ready to land. Apr 29 2022, 6:51 AM