progress
kkohbrok committed Sep 12, 2024
1 parent 570642c commit 486a287
Showing 19 changed files with 462 additions and 250 deletions.
@@ -0,0 +1,15 @@
-- SPDX-FileCopyrightText: 2023 Phoenix R&D GmbH <[email protected]>
--
-- SPDX-License-Identifier: AGPL-3.0-or-later

-- migrations/{timestamp}_create_connection_packages_table.sql
-- Create ConnectionPackages Table
CREATE TABLE connection_packages(
id uuid NOT NULL,
PRIMARY KEY (id),
client_id uuid NOT NULL,
connection_package BYTEA NOT NULL,
FOREIGN KEY (client_id) REFERENCES as_client_records(client_id) ON DELETE CASCADE
);

CREATE INDEX idx_connection_package_client_id ON connection_packages(client_id);
26 changes: 18 additions & 8 deletions backend/src/auth_service/client_api/anonymous.rs
Expand Up @@ -13,7 +13,10 @@ use phnxtypes::{
};

use crate::auth_service::{
client_record::ClientRecord, storage_provider_trait::AsStorageProvider, AuthService,
client_record::ClientRecord,
credentials::{intermediate_signing_key::IntermediateCredential, signing_key::Credential},
storage_provider_trait::AsStorageProvider,
AuthService,
};

impl AuthService {
Expand Down Expand Up @@ -108,18 +111,25 @@ impl AuthService {
Ok(())
}

pub(crate) async fn as_credentials<S: AsStorageProvider>(
storage_provider: &S,
params: AsCredentialsParams,
pub(crate) async fn as_credentials(
&self,
_params: AsCredentialsParams,
) -> Result<AsCredentialsResponse, AsCredentialsError> {
let (as_credentials, as_intermediate_credentials, revoked_credentials) = storage_provider
.load_as_credentials()
let as_credentials = Credential::load_all(&self.db_pool).await.map_err(|e| {
tracing::error!("Error loading AS credentials: {:?}", e);
AsCredentialsError::StorageError
})?;
let as_intermediate_credentials = IntermediateCredential::load_all(&self.db_pool)
.await
.map_err(|_| AsCredentialsError::StorageError)?;
.map_err(|e| {
tracing::error!("Error loading intermediate credentials: {:?}", e);
AsCredentialsError::StorageError
})?;
Ok(AsCredentialsResponse {
as_credentials,
as_intermediate_credentials,
revoked_credentials,
// We don't support revocation yet
revoked_credentials: vec![],
})
}
}
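Review bot: `revoked_credentials: vec![]` near the end of `as_credentials` makes the response state that nothing is revoked, whereas the removed code returned whatever `load_as_credentials()` supplied. A client cannot tell an empty list from "revocation not implemented", so the comment should spell out that contract and point at a tracking item, for example `// TODO(<issue-id>): revocation is not implemented; an empty list here does not mean that no AS credential has been revoked`. `_params` is now unused as well, and a short doc comment on the function saying that the request carries nothing the handler needs would explain the underscore.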
52 changes: 41 additions & 11 deletions backend/src/auth_service/client_api/client.rs
Expand Up @@ -11,8 +11,9 @@ use phnxtypes::{
},
messages::{
client_as::{
DeleteClientParamsTbs, DequeueMessagesParamsTbs, FinishClientAdditionParamsTbs,
InitClientAdditionResponse, InitiateClientAdditionParams,
ConnectionPackage, DeleteClientParamsTbs, DequeueMessagesParamsTbs,
FinishClientAdditionParamsTbs, InitClientAdditionResponse,
InitiateClientAdditionParams,
},
client_qs::DequeueMessagesResponse,
},
Expand All @@ -21,8 +22,12 @@ use phnxtypes::{
use tls_codec::Serialize;

use crate::auth_service::{
client_record::ClientRecord, credentials::intermediate_signing_key::IntermediateSigningKey,
storage_provider_trait::AsStorageProvider, user_record::UserRecord, AuthService,
client_record::ClientRecord,
connection_package::StorableConnectionPackage,
credentials::intermediate_signing_key::{IntermediateCredential, IntermediateSigningKey},
storage_provider_trait::AsStorageProvider,
user_record::UserRecord,
AuthService,
};

impl AuthService {
Expand Down Expand Up @@ -108,7 +113,7 @@ impl AuthService {

// Sign the credential
let client_credential: ClientCredential = client_credential_payload
.sign(&*signing_key)
.sign(&signing_key)
.map_err(|_| InitClientAdditionError::LibraryError)?;

// Store the client_credential in the ephemeral DB
Expand All @@ -126,16 +131,15 @@ impl AuthService {
Ok(response)
}

pub(crate) async fn as_finish_client_addition<S: AsStorageProvider>(
pub(crate) async fn as_finish_client_addition(
&self,
storage_provider: &S,
params: FinishClientAdditionParamsTbs,
) -> Result<(), FinishClientAdditionError> {
let FinishClientAdditionParamsTbs {
client_id,
queue_encryption_key,
initial_ratchet_secret: initial_ratchet_key,
connection_package: connection_key_package,
connection_package,
} = params;

// Look up the initial client's ClientCredentialn the ephemeral DB based
Expand All @@ -154,7 +158,7 @@ impl AuthService {
.try_into()
// Hiding the LibraryError here behind a StorageError
.map_err(|_| FinishClientAdditionError::StorageError)?;
let client_record = ClientRecord::new_and_store(
ClientRecord::new_and_store(
&mut connection,
queue_encryption_key,
ratchet_key,
Expand All @@ -166,16 +170,42 @@ impl AuthService {
FinishClientAdditionError::StorageError
})?;

// Verify and store connection packages
let as_intermediate_credentials = IntermediateCredential::load_all(&self.db_pool)
.await
.map_err(|e| {
tracing::error!("Error loading intermediate credentials: {:?}", e);
FinishClientAdditionError::StorageError
})?;
let cp = connection_package;
let verifying_credential = as_intermediate_credentials
.iter()
.find(|aic| aic.fingerprint() == cp.client_credential_signer_fingerprint())
.ok_or(FinishClientAdditionError::InvalidConnectionPackage)?;
let verified_connection_package: ConnectionPackage = cp
.verify(verifying_credential.verifying_key())
.map_err(|_| FinishClientAdditionError::InvalidConnectionPackage)?;

StorableConnectionPackage::store_multiple(
&mut connection,
vec![verified_connection_package].into_iter(),
&client_id,
)
.await
.map_err(|e| {
tracing::error!("Error storing connection package: {:?}", e);
FinishClientAdditionError::StorageError
})?;

// Delete the entry in the ephemeral OPAQUE DB
let mut client_login_states = self.ephemeral_client_logins.lock().await;
client_login_states.remove(&client_id);

Ok(())
}

pub(crate) async fn as_delete_client<S: AsStorageProvider>(
pub(crate) async fn as_delete_client(
&self,
storage_provider: &S,
params: DeleteClientParamsTbs,
) -> Result<(), DeleteClientError> {
let client_id = params.0;
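Review bot: In `as_finish_client_addition`, `ClientRecord::new_and_store` runs before the connection package is checked, so a request that ends in `InvalidConnectionPackage` has already written a client record. Judging by the client_record.rs section of this commit, `new_and_store` appears to commit its own transaction, so the later error would not roll the record back, and the entry in `ephemeral_client_logins` also stays in place on that path. `as_finish_user_registration` in user.rs verifies the packages first and creates the client entry afterwards; moving the block from `IntermediateCredential::load_all` through `cp.verify(...)` above the `ClientRecord::new_and_store` call would give the same order here. Part of the function lies outside the visible hunks, so please confirm that nothing between the two steps depends on the record already existing. As a smaller point, `std::iter::once(verified_connection_package)` would avoid the one-element `vec![...]`.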
14 changes: 10 additions & 4 deletions backend/src/auth_service/client_api/key_packages.rs
Expand Up @@ -10,10 +10,14 @@ use phnxtypes::{
},
};

use crate::auth_service::{storage_provider_trait::AsStorageProvider, AuthService};
use crate::auth_service::{
credentials::intermediate_signing_key::IntermediateCredential,
storage_provider_trait::AsStorageProvider, AuthService,
};

impl AuthService {
pub(crate) async fn as_publish_connection_packages<S: AsStorageProvider>(
&self,
storage_provider: &S,
params: AsPublishConnectionPackagesParamsTbs,
) -> Result<(), PublishConnectionPackageError> {
Expand All @@ -22,10 +26,12 @@ impl AuthService {
connection_packages,
} = params;

let (_, as_intermediate_credentials, _) = storage_provider
.load_as_credentials()
let as_intermediate_credentials = IntermediateCredential::load_all(&self.db_pool)
.await
.map_err(|_| PublishConnectionPackageError::StorageError)?;
.map_err(|e| {
tracing::error!("Error loading intermediate credentials: {:?}", e);
PublishConnectionPackageError::StorageError
})?;

// TODO: Last resort key package
let connection_packages = connection_packages
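Review bot: The `IntermediateCredential::load_all(&self.db_pool)` call with its `map_err` logging closure is now repeated in `as_credentials`, `as_finish_client_addition`, `as_finish_user_registration` and here, differing only in the error variant returned. A private helper on `AuthService` that loads and logs once, with each caller mapping the failure to its own `StorageError` variant, would keep the log message and any later filtering of the credential set in one place. This handler also still takes `storage_provider` while reading credentials from `self.db_pool`; the rest of the body is outside the hunk, so a comment saying which store holds the published packages during the migration would help the next reader.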
20 changes: 11 additions & 9 deletions backend/src/auth_service/client_api/user.rs
Expand Up @@ -20,8 +20,10 @@ use phnxtypes::{
use tls_codec::Serialize;

use crate::auth_service::{
client_record::ClientRecord, credentials::intermediate_signing_key::IntermediateSigningKey,
user_record::UserRecord, AsStorageProvider, AuthService,
client_record::ClientRecord,
credentials::intermediate_signing_key::{IntermediateCredential, IntermediateSigningKey},
user_record::UserRecord,
AsStorageProvider, AuthService,
};

impl AuthService {
Expand Down Expand Up @@ -71,7 +73,7 @@ impl AuthService {

// Sign the credential
let client_credential: ClientCredential = client_payload
.sign(&*signing_key)
.sign(&signing_key)
.map_err(|_| InitUserRegistrationError::LibraryError)?;

// Store the client_credential in the ephemeral DB
Expand Down Expand Up @@ -145,9 +147,10 @@ impl AuthService {
})?;

// Verify and store connection packages
let (_as_credentials, as_intermediate_credentials, _revoked_fingerprints) =
storage_provider.load_as_credentials().await.map_err(|e| {
tracing::error!("Storage provider error: {:?}", e);
let as_intermediate_credentials = IntermediateCredential::load_all(&self.db_pool)
.await
.map_err(|e| {
tracing::error!("Error loading intermediate credentials: {:?}", e);
FinishUserRegistrationError::StorageError
})?;
let verified_connection_packages = connection_packages
Expand All @@ -163,7 +166,6 @@ impl AuthService {
.collect::<Result<Vec<_>, FinishUserRegistrationError>>()?;

// Create the initial client entry

let ratchet_key = initial_ratchet_key
.try_into()
// Hiding the LibraryError here behind a StorageError
Expand All @@ -172,7 +174,7 @@ impl AuthService {
tracing::error!("Error acquiring connection: {:?}", e);
FinishUserRegistrationError::StorageError
})?;
let client_record = ClientRecord::new_and_store(
ClientRecord::new_and_store(
&mut connection,
queue_encryption_key,
ratchet_key,
Expand Down Expand Up @@ -204,7 +206,7 @@ impl AuthService {
) -> Result<(), DeleteUserError> {
let DeleteUserParamsTbs {
user_name,
client_id,
client_id: _,
opaque_finish: _,
} = params;

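Review bot: `client_id: _` in the `DeleteUserParamsTbs` destructuring now discards a field of the signed request without saying why. If the handler deliberately deletes the user by `user_name` alone, a comment such as `// client_id is not needed here: deleting the user record removes all of its clients` would make that explicit, once confirmed against the deletion code, which is outside the hunk. If the id was instead meant to be compared with the authenticated sender, that comparison is not visible in this hunk and should be added rather than silenced.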
11 changes: 5 additions & 6 deletions backend/src/auth_service/client_record.rs
Expand Up @@ -16,10 +16,10 @@ use crate::persistence::StorageError;

#[derive(Debug, Clone)]
pub(super) struct ClientRecord {
pub queue_encryption_key: RatchetEncryptionKey,
pub ratchet_key: QueueRatchet<EncryptedAsQueueMessage, AsQueueMessagePayload>,
pub activity_time: TimeStamp,
pub credential: ClientCredential,
pub(super) queue_encryption_key: RatchetEncryptionKey,
pub(super) ratchet_key: QueueRatchet<EncryptedAsQueueMessage, AsQueueMessagePayload>,
pub(super) activity_time: TimeStamp,
pub(super) credential: ClientCredential,
}

impl ClientRecord {
Expand All @@ -38,9 +38,8 @@ impl ClientRecord {

// Initialize the client's queue.
let mut transaction = connection.begin().await?;
let queue_data =
ClientQueueData::new_and_store(record.client_id(), &mut transaction).await?;
record.store(&mut transaction).await?;
ClientQueueData::new_and_store(record.client_id(), &mut transaction).await?;
transaction.commit().await?;

Ok(record)
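Review bot: The reordering that puts `record.store(&mut transaction)` ahead of `ClientQueueData::new_and_store(...)` carries no comment explaining it, and the existing `// Initialize the client's queue.` line now sits above the record write rather than the queue write. If the order matters because the queue row references the client record (not visible here), say so directly above `record.store`, for example `// Store the record first; the queue row presumably depends on it`, and move the queue comment down to the `ClientQueueData` line. The start of the function is outside the hunk.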
27 changes: 27 additions & 0 deletions backend/src/auth_service/connection_package/mod.rs
@@ -0,0 +1,27 @@
// SPDX-FileCopyrightText: 2023 Phoenix R&D GmbH <[email protected]>
//
// SPDX-License-Identifier: AGPL-3.0-or-later

use phnxtypes::messages::client_as::ConnectionPackage;
use serde::{Deserialize, Serialize};

mod persistence;

#[derive(Serialize, Deserialize)]
pub(in crate::auth_service) enum StorableConnectionPackage {
V1(ConnectionPackage),
}

impl From<StorableConnectionPackage> for ConnectionPackage {
fn from(connection_package: StorableConnectionPackage) -> Self {
match connection_package {
StorableConnectionPackage::V1(connection_package) => connection_package,
}
}
}

impl From<ConnectionPackage> for StorableConnectionPackage {
fn from(connection_package: ConnectionPackage) -> Self {
StorableConnectionPackage::V1(connection_package)
}
}
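Review bot: `StorableConnectionPackage` has no documentation, although it defines the persisted form of a connection package and its `V1` variant is evidently a format version. A doc comment on the enum should say that it is the versioned storage wrapper, that new versions are added as new variants, and that existing variants must not be reordered or removed because stored rows are decoded by variant; which codec the `persistence` module uses is not visible here, so that last part needs confirming. The same comment should state that a value read back through `From<StorableConnectionPackage>` is returned without repeating the signature check, so only packages verified before `store_multiple` may be written.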