Page MenuHomePhabricator

[keyserver] Handle `SIGNED_IDENTITY_KEYS_BLOB` response
ClosedPublic

Authored by atul on Mar 15 2023, 1:42 PM.
Tags
None
Referenced Files
F3361992: D7082.id23777.diff
Sun, Nov 24, 8:48 PM
Unknown Object (File)
Tue, Nov 19, 10:00 AM
Unknown Object (File)
Tue, Nov 19, 10:00 AM
Unknown Object (File)
Tue, Nov 19, 10:00 AM
Unknown Object (File)
Tue, Nov 19, 9:59 AM
Unknown Object (File)
Tue, Nov 19, 9:36 AM
Unknown Object (File)
Fri, Nov 8, 3:32 AM
Unknown Object (File)
Wed, Nov 6, 3:12 AM
Subscribers

Details

Summary

When we receive a SIGNED_IDENTITY_KEYS_BLOB response from the client, we want to verify the signature of the payload and then update the signed_identity_keys column of the cookies row in the DB.

(I didn't know what the right approach for error-handling here was, so I'm just continueing through the loop if the signedIdentityKeysBlob object is malformed?)


Depends on D7070

Test Plan
  1. Nuke signed_identity_keys column for all rows of cookies table:

c83d33.png (1×856 px, 92 KB)

  1. Refresh the page on web so handleInitialClientSocketMessage gets hit on the keyserver
  2. Observe that the web client constructs and sends a valid signedIdentityKeysBlob by setting breakpoints in keyserver:

0ebd50.png (1×3 px, 722 KB)

  1. Step through processClientResponses on the keyserver and make sure cookies table is updated as expected:

a1b039.png (118×3 px, 68 KB)

  1. "Refresh" the native app running in iOS Simulator so handleInitialClientSocketMessage gets hit on the keyserver.
  2. Observe that the native client constructs and sends a valid signedIdentityKeysBlob by setting breakpoints in keyserver:

5692a0.png (2×3 px, 1 MB)

  1. Step through processClientResponses on the keyserver and make sure cookies table is updated as expected:

08719d.png (162×2 px, 91 KB)

Diff Detail

Repository
rCOMM Comm
Branch
master
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

atul published this revision for review.Mar 15 2023, 1:43 PM

This is the last diff in the stack that I planned on putting up Monday/Tuesday, but ran into issues with D7081. Going to do some additional testing before landing to be extra careful.

ashoat added inline comments.
keyserver/src/socket/session-utils.js
213–223

Parts of this seem copy-pasted, wonder if it's easy to factor out

This revision is now accepted and ready to land.Mar 15 2023, 1:54 PM
keyserver/src/socket/session-utils.js
213–223

The signedIdentityKeysBlob verification in user-responders (for login/register/SIWE) can definitely be factored out since they're identical + error handling is the same. Error handling is slightly different here. I'll create a task.

This revision was landed with ongoing or failed builds.Mar 15 2023, 4:35 PM
This revision was automatically updated to reflect the committed changes.