Page MenuHomePhabricator
Differential D3799

[Identity] Script to generate and persist a server keypair for PAKE
ClosedPublic
Actions

Authored by varun on Apr 20 2022, 9:20 PM.
Tags
None
Referenced Files
F5264938: D3799.id12145.diff
Sun, Apr 6, 7:26 PM
F5264864: D3799.id12072.diff
Sun, Apr 6, 7:22 PM
F5264798: D3799.id12071.diff
Sun, Apr 6, 7:19 PM
F5264721: D3799.id11803.diff
Sun, Apr 6, 7:15 PM
F5264657: D3799.id11690.diff
Sun, Apr 6, 7:12 PM
F5264588: D3799.id.diff
Sun, Apr 6, 7:08 PM
F5264496: D3799.diff
Sun, Apr 6, 7:05 PM
Unknown Object (File)
Wed, Apr 2, 6:50 AM
View All Files
Subscribers
abosh
adrian
ashoat
benschac

Details

Reviewers
jim
karol
tomek
atul
ashoat
Commits
rCOMMadcab69a1a6f: [Identity] Script to generate and persist a server keypair for PAKE
Summary

Depends on D3747

The Identity service will need to persist a keypair to use for PAKE registration and login. We use the ciphersuite implementation from our common library to generate a random keypair, then write the secret key (public key can be derived from this) to secrets/secret_key.

Test Plan

Ran the keygen executable a couple times to make sure the directory is created if it doesn't exist and the file contents are overwritten each time

varun@varuns-MBP identity % ./target/debug/keygen
Creating secrets directory "/Users/varun/Code/comm/services/identity/secrets"
Writing secret key to "/Users/varun/Code/comm/services/identity/secrets/secret_key"
varun@varuns-MBP identity % ./target/debug/keygen
Writing secret key to "/Users/varun/Code/comm/services/identity/secrets/secret_key"

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

varun created this revision.Apr 20 2022, 9:20 PM
Herald added subscribers: abosh, benschac, adrian, ashoat. · View Herald TranscriptApr 20 2022, 9:20 PM
Harbormaster returned this revision to the author for changes because remote builds failed.Apr 20 2022, 9:22 PM
Harbormaster failed remote builds in B8378: Diff 11690!
varun requested review of this revision.Apr 21 2022, 6:35 AM
varun added a comment.Apr 21 2022, 6:57 AM

Services Build failed because the compiler couldn't find lib.rs which was introduced in the previous diff in the stack

varun added 1 blocking reviewer(s): jim.Apr 21 2022, 9:48 AM
varun added a child revision: D3812: [Identity] Add config for Identity service.Apr 21 2022, 12:07 PM
ashoat requested changes to this revision.Apr 22 2022, 6:11 AM

Services Build failed because the compiler couldn't find lib.rs which was introduced in the previous diff in the stack

That means that the branch you pushed didn't actually include the previous diff in the stack. Can you rebase your branch so that the dependency is actually there? (Let me know if I'm misunderstanding something)

This revision now requires changes to proceed.Apr 22 2022, 6:11 AM
varun planned changes to this revision.Apr 22 2022, 6:31 AM
In D3799#105843, @ashoat wrote:

Services Build failed because the compiler couldn't find lib.rs which was introduced in the previous diff in the stack

That means that the branch you pushed didn't actually include the previous diff in the stack. Can you rebase your branch so that the dependency is actually there? (Let me know if I'm misunderstanding something)

Oh wait I misread the buildkite error... the issue is that I forgot to update the Dockerfile

varun updated this revision to Diff 11803.Apr 22 2022, 7:28 AM

Update Dockerfile to work with updated Cargo.toml

Harbormaster completed remote builds in B8464: Diff 11803.Apr 22 2022, 7:32 AM
ashoat accepted this revision.Apr 24 2022, 4:32 PM
jim requested changes to this revision.Apr 26 2022, 9:48 AM

I think you should just make a proper CLI for starting the service with one subcommand "server" or something to start the server and "keygen" to run your script. Instead of having a separate binary.

services/identity/Cargo.toml
6 ↗(On Diff #11803)

Why is this necessary?

services/identity/Dockerfile
12 ↗(On Diff #11803)

Huh? Just make this an actual source file if you need it. You'll want it eventually.

services/identity/scripts/keygen.rs
9 ↗(On Diff #11803)

This should be configurable via command-line flag. I think you should just use clap to make it a proper CLI.

This revision now requires changes to proceed.Apr 26 2022, 9:48 AM
varun planned changes to this revision.Apr 28 2022, 8:02 AM
varun added inline comments.
services/identity/Cargo.toml
6 ↗(On Diff #11803)

There was some common code between the two binaries so in D3747 I moved that stuff to a library. I'm going to make a proper CLI so can probably move everything back to a single binary now.

services/identity/Dockerfile
12 ↗(On Diff #11803)

We copy over the actual lib.rs on line 18. This is just for dependency caching to work. I'm removing the library anyway so this line won't be in the next revision

services/identity/scripts/keygen.rs
9 ↗(On Diff #11803)

makes sense, will use clap

varun updated this revision to Diff 12071.Apr 28 2022, 1:26 PM

Address feedback

varun updated this revision to Diff 12072.Apr 28 2022, 1:28 PM

Add newline at end of Dockerfile

Harbormaster completed remote builds in B8670: Diff 12071.Apr 28 2022, 1:31 PM
Harbormaster completed remote builds in B8671: Diff 12072.Apr 28 2022, 1:34 PM
jim accepted this revision.Apr 29 2022, 6:51 AM

Nice!

This revision is now accepted and ready to land.Apr 29 2022, 6:51 AM
Closed by commit rCOMMadcab69a1a6f: [Identity] Script to generate and persist a server keypair for PAKE (authored by varun). · Explain WhyMay 2 2022, 11:33 AM
This revision was automatically updated to reflect the committed changes.
varun added a commit: rCOMMadcab69a1a6f: [Identity] Script to generate and persist a server keypair for PAKE.

Revision Contents
Changeset List

PathSize
services/
identity/
3 lines
3 lines
src/
26 lines
46 lines

Diff 12072

View Options

services/identity/Cargo.lock

Show All 29 Linesexport type PendingMultimediaUpload = {
// This is set once the network request begins and used if the upload is // This is set once the network request begins and used if the upload is
// cancelled // cancelled
abort: ?() => void, abort: ?() => void,
steps: MediaMissionStep[], steps: MediaMissionStep[],
selectTime: number, selectTime: number,
}; };
// This type represents the input state for a particular thread // This type represents the input state for a particular thread
export type InputState = { export type InputState = {
ashoatUnsubmitted
Done
Inline Actions

All of this should probably be $ReadOnly (eg. prefix each property with +) but not sure if that will introduce Flow errors

ashoat: All of this should probably be `$ReadOnly` (eg. prefix each property with `+`) but not sure if…
przemekAuthorUnsubmitted
Done
Inline Actions

Makes sense, I changed it and it haven't invoked any flow errors, so I'm amending it.

przemek: Makes sense, I changed it and it haven't invoked any flow errors, so I'm amending it.
pendingUploads: $ReadOnlyArray<PendingMultimediaUpload>, pendingUploads: $ReadOnlyArray<PendingMultimediaUpload>,
assignedUploads: { assignedUploads: {
[messageID: string]: $ReadOnlyArray<PendingMultimediaUpload>, [messageID: string]: $ReadOnlyArray<PendingMultimediaUpload>,
}, },
draft: string, draft: string,
textCursorPosition: number,
appendFiles: (files: $ReadOnlyArray<File>) => Promise<boolean>, appendFiles: (files: $ReadOnlyArray<File>) => Promise<boolean>,
cancelPendingUpload: (localUploadID: string) => void, cancelPendingUpload: (localUploadID: string) => void,
sendTextMessage: ( sendTextMessage: (
messageInfo: RawTextMessageInfo, messageInfo: RawTextMessageInfo,
threadInfo: ThreadInfo, threadInfo: ThreadInfo,
) => Promise<void>, ) => Promise<void>,
createMultimediaMessage: (localID: number, threadInfo: ThreadInfo) => void, createMultimediaMessage: (localID: number, threadInfo: ThreadInfo) => void,
setDraft: (draft: string) => void, setDraft: (draft: string) => void,
setTextCursorPosition: (newPosition: number) => void,
messageHasUploadFailure: (localMessageID: string) => boolean, messageHasUploadFailure: (localMessageID: string) => boolean,
retryMultimediaMessage: ( retryMultimediaMessage: (
localMessageID: string, localMessageID: string,
threadInfo: ThreadInfo, threadInfo: ThreadInfo,
) => void, ) => void,
addReply: (text: string) => void, addReply: (text: string) => void,
addReplyListener: ((message: string) => void) => void, addReplyListener: ((message: string) => void) => void,
removeReplyListener: ((message: string) => void) => void, removeReplyListener: ((message: string) => void) => void,
Show All 9 Lines
View Options

services/identity/Cargo.toml

Show All 29 Linesexport type PendingMultimediaUpload = {
// This is set once the network request begins and used if the upload is // This is set once the network request begins and used if the upload is
// cancelled // cancelled
abort: ?() => void, abort: ?() => void,
steps: MediaMissionStep[], steps: MediaMissionStep[],
selectTime: number, selectTime: number,
}; };
// This type represents the input state for a particular thread // This type represents the input state for a particular thread
export type InputState = { export type InputState = {
ashoatUnsubmitted
Done
Inline Actions

All of this should probably be $ReadOnly (eg. prefix each property with +) but not sure if that will introduce Flow errors

ashoat: All of this should probably be `$ReadOnly` (eg. prefix each property with `+`) but not sure if…
przemekAuthorUnsubmitted
Done
Inline Actions

Makes sense, I changed it and it haven't invoked any flow errors, so I'm amending it.

przemek: Makes sense, I changed it and it haven't invoked any flow errors, so I'm amending it.
pendingUploads: $ReadOnlyArray<PendingMultimediaUpload>, pendingUploads: $ReadOnlyArray<PendingMultimediaUpload>,
assignedUploads: { assignedUploads: {
[messageID: string]: $ReadOnlyArray<PendingMultimediaUpload>, [messageID: string]: $ReadOnlyArray<PendingMultimediaUpload>,
}, },
draft: string, draft: string,
textCursorPosition: number,
appendFiles: (files: $ReadOnlyArray<File>) => Promise<boolean>, appendFiles: (files: $ReadOnlyArray<File>) => Promise<boolean>,
cancelPendingUpload: (localUploadID: string) => void, cancelPendingUpload: (localUploadID: string) => void,
sendTextMessage: ( sendTextMessage: (
messageInfo: RawTextMessageInfo, messageInfo: RawTextMessageInfo,
threadInfo: ThreadInfo, threadInfo: ThreadInfo,
) => Promise<void>, ) => Promise<void>,
createMultimediaMessage: (localID: number, threadInfo: ThreadInfo) => void, createMultimediaMessage: (localID: number, threadInfo: ThreadInfo) => void,
setDraft: (draft: string) => void, setDraft: (draft: string) => void,
setTextCursorPosition: (newPosition: number) => void,
messageHasUploadFailure: (localMessageID: string) => boolean, messageHasUploadFailure: (localMessageID: string) => boolean,
retryMultimediaMessage: ( retryMultimediaMessage: (
localMessageID: string, localMessageID: string,
threadInfo: ThreadInfo, threadInfo: ThreadInfo,
) => void, ) => void,
addReply: (text: string) => void, addReply: (text: string) => void,
addReplyListener: ((message: string) => void) => void, addReplyListener: ((message: string) => void) => void,
removeReplyListener: ((message: string) => void) => void, removeReplyListener: ((message: string) => void) => void,
Show All 9 Lines
View Options

services/identity/Dockerfile

Show All 29 Linesexport type PendingMultimediaUpload = {
// This is set once the network request begins and used if the upload is // This is set once the network request begins and used if the upload is
// cancelled // cancelled
abort: ?() => void, abort: ?() => void,
steps: MediaMissionStep[], steps: MediaMissionStep[],
selectTime: number, selectTime: number,
}; };
// This type represents the input state for a particular thread // This type represents the input state for a particular thread
export type InputState = { export type InputState = {
ashoatUnsubmitted
Done
Inline Actions

All of this should probably be $ReadOnly (eg. prefix each property with +) but not sure if that will introduce Flow errors

ashoat: All of this should probably be `$ReadOnly` (eg. prefix each property with `+`) but not sure if…
przemekAuthorUnsubmitted
Done
Inline Actions

Makes sense, I changed it and it haven't invoked any flow errors, so I'm amending it.

przemek: Makes sense, I changed it and it haven't invoked any flow errors, so I'm amending it.
pendingUploads: $ReadOnlyArray<PendingMultimediaUpload>, pendingUploads: $ReadOnlyArray<PendingMultimediaUpload>,
assignedUploads: { assignedUploads: {
[messageID: string]: $ReadOnlyArray<PendingMultimediaUpload>, [messageID: string]: $ReadOnlyArray<PendingMultimediaUpload>,
}, },
draft: string, draft: string,
textCursorPosition: number,
appendFiles: (files: $ReadOnlyArray<File>) => Promise<boolean>, appendFiles: (files: $ReadOnlyArray<File>) => Promise<boolean>,
cancelPendingUpload: (localUploadID: string) => void, cancelPendingUpload: (localUploadID: string) => void,
sendTextMessage: ( sendTextMessage: (
messageInfo: RawTextMessageInfo, messageInfo: RawTextMessageInfo,
threadInfo: ThreadInfo, threadInfo: ThreadInfo,
) => Promise<void>, ) => Promise<void>,
createMultimediaMessage: (localID: number, threadInfo: ThreadInfo) => void, createMultimediaMessage: (localID: number, threadInfo: ThreadInfo) => void,
setDraft: (draft: string) => void, setDraft: (draft: string) => void,
setTextCursorPosition: (newPosition: number) => void,
messageHasUploadFailure: (localMessageID: string) => boolean, messageHasUploadFailure: (localMessageID: string) => boolean,
retryMultimediaMessage: ( retryMultimediaMessage: (
localMessageID: string, localMessageID: string,
threadInfo: ThreadInfo, threadInfo: ThreadInfo,
) => void, ) => void,
addReply: (text: string) => void, addReply: (text: string) => void,
addReplyListener: ((message: string) => void) => void, addReplyListener: ((message: string) => void) => void,
removeReplyListener: ((message: string) => void) => void, removeReplyListener: ((message: string) => void) => void,
Show All 9 Lines
View Options

services/identity/src/keygen.rs

Show All 29 Linesexport type PendingMultimediaUpload = {
// This is set once the network request begins and used if the upload is // This is set once the network request begins and used if the upload is
// cancelled // cancelled
abort: ?() => void, abort: ?() => void,
steps: MediaMissionStep[], steps: MediaMissionStep[],
selectTime: number, selectTime: number,
}; };
// This type represents the input state for a particular thread // This type represents the input state for a particular thread
export type InputState = { export type InputState = {
ashoatUnsubmitted
Done
Inline Actions

All of this should probably be $ReadOnly (eg. prefix each property with +) but not sure if that will introduce Flow errors

ashoat: All of this should probably be `$ReadOnly` (eg. prefix each property with `+`) but not sure if…
przemekAuthorUnsubmitted
Done
Inline Actions

Makes sense, I changed it and it haven't invoked any flow errors, so I'm amending it.

przemek: Makes sense, I changed it and it haven't invoked any flow errors, so I'm amending it.
pendingUploads: $ReadOnlyArray<PendingMultimediaUpload>, pendingUploads: $ReadOnlyArray<PendingMultimediaUpload>,
assignedUploads: { assignedUploads: {
[messageID: string]: $ReadOnlyArray<PendingMultimediaUpload>, [messageID: string]: $ReadOnlyArray<PendingMultimediaUpload>,
}, },
draft: string, draft: string,
textCursorPosition: number,
appendFiles: (files: $ReadOnlyArray<File>) => Promise<boolean>, appendFiles: (files: $ReadOnlyArray<File>) => Promise<boolean>,
cancelPendingUpload: (localUploadID: string) => void, cancelPendingUpload: (localUploadID: string) => void,
sendTextMessage: ( sendTextMessage: (
messageInfo: RawTextMessageInfo, messageInfo: RawTextMessageInfo,
threadInfo: ThreadInfo, threadInfo: ThreadInfo,
) => Promise<void>, ) => Promise<void>,
createMultimediaMessage: (localID: number, threadInfo: ThreadInfo) => void, createMultimediaMessage: (localID: number, threadInfo: ThreadInfo) => void,
setDraft: (draft: string) => void, setDraft: (draft: string) => void,
setTextCursorPosition: (newPosition: number) => void,
messageHasUploadFailure: (localMessageID: string) => boolean, messageHasUploadFailure: (localMessageID: string) => boolean,
retryMultimediaMessage: ( retryMultimediaMessage: (
localMessageID: string, localMessageID: string,
threadInfo: ThreadInfo, threadInfo: ThreadInfo,
) => void, ) => void,
addReply: (text: string) => void, addReply: (text: string) => void,
addReplyListener: ((message: string) => void) => void, addReplyListener: ((message: string) => void) => void,
removeReplyListener: ((message: string) => void) => void, removeReplyListener: ((message: string) => void) => void,
Show All 9 Lines
View Options

services/identity/src/main.rs

Loading...