Page MenuHomePhabricator

[Identity] Add uploadOneTimeKeys to auth service
ClosedPublic

Authored by jon on Aug 31 2023, 8:41 PM.
Tags
None
Referenced Files
F3361802: D9059.diff
Sun, Nov 24, 7:28 PM
Unknown Object (File)
Sat, Nov 9, 9:41 AM
Unknown Object (File)
Sat, Nov 9, 8:20 AM
Unknown Object (File)
Tue, Oct 29, 1:21 AM
Unknown Object (File)
Oct 18 2024, 6:16 AM
Unknown Object (File)
Oct 18 2024, 6:16 AM
Unknown Object (File)
Oct 18 2024, 6:08 AM
Unknown Object (File)
Sep 29 2024, 2:12 AM
Subscribers

Details

Summary

This endpoint should only be available to devices
which have authenticated. Also simplifies the the logic
signficantly.

https://linear.app/comm/issue/ENG-4536

Test Plan
cd services/identity
cargo build
  • Could change the identity_one_time_keys test to hit this endpoint as well

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

bartek added inline comments.
shared/protos/identity_authenticated.proto
33–35 ↗(On Diff #30683)

Are one-time keys and pre-keys equivalent terms?

This revision is now accepted and ready to land.Sep 1 2023, 12:22 AM

Also, are you going to remove upload_one_time_keys() from unauthenticated client service?

Also, are you going to remove upload_one_time_keys() from unauthenticated client service?

Existing logic would need to be updated for keyserver, and the integration tests would need to be changed as well.

In the future, it should be removed, I just won't be around for when it's possible.

shared/protos/identity_authenticated.proto
33–35 ↗(On Diff #30683)

No.

Three keys are needed for X3DH sessions:

  • Identity Key
  • PreKey (rotated periodically, currently monthly)
  • One-Time PreKey (consumed for each new sesion).

The shorter lifetimes of each subsequent key is meant to prevent malicious actors from being able to re-create sessions in the future if certain keys are compromised.