Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Save the key backup key to 4S during bootstrapCrossSigning #4542

Open
wants to merge 10 commits into
base: develop
Choose a base branch
from
Open

Save the key backup key to 4S during bootstrapCrossSigning #4542

wants to merge 10 commits into from

Conversation

dbkr
Copy link
Member

@dbkr dbkr commented Nov 22, 2024

When setting up secret storage, if we have a key backup key in cache (like we do for the cross signing secrets).

Checklist

  • Tests written for new code (and old code if feasible).
  • New or updated public/exported symbols have accurate TSDoc documentation.
  • Linter and other CI checks pass.
  • Sign-off given on the changes (see CONTRIBUTING.md).

@dbkr
Save the key backup key to secret storage
3de049a 
When setting up secret storage, if we have a key backup key in cache
(like we do for the cross signing secrets).
@dbkr dbkr added the T-Defect label Nov 22, 2024
@dbkr dbkr marked this pull request as ready for review November 22, 2024 18:13
@dbkr dbkr requested a review from a team as a code owner November 22, 2024 18:13
@dbkr dbkr requested review from uhoreg and richvdh November 22, 2024 18:13
dbkr
dbkr commented Nov 22, 2024
View reviewed changes
src/rust-crypto/rust-crypto.ts Outdated
]);

if (keyBackupKey && !keyBackupKeyInStorage) {
await this.secretStorage.store("m.megolm_backup.v1", encodeBase64(keyBackupKey));
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this the right way to do this? Seems like it, but I couldn't find a comparison.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There should be an example in when you resetKeyBackup(). I think that is fine, maybe you could get it from the rust olmMachine directly to avoid a base64 -> byte array -> base64?

Shouldn't we check more than keyBackupKeyInStorage ? What if the 4S contains an old key it won't be updated? Maybe we should check that the key in cache is valid before adding it to 4S? Is the backup trusted?

Is there a link to an issue for this PR?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, I think that should be better. I've made it overwrite the key if different, as per the comment.

This came out as part of the key backup by default work, so it's not a huge bug currently, but would break the flow of setting up 4S after a key backup, hence no issue.

BillCarsonFr
BillCarsonFr requested changes Nov 25, 2024
View reviewed changes
src/rust-crypto/rust-crypto.ts Outdated
]);

if (keyBackupKey && !keyBackupKeyInStorage) {
await this.secretStorage.store("m.megolm_backup.v1", encodeBase64(keyBackupKey));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There should be an example in when you resetKeyBackup(). I think that is fine, maybe you could get it from the rust olmMachine directly to avoid a base64 -> byte array -> base64?

Shouldn't we check more than keyBackupKeyInStorage ? What if the 4S contains an old key it won't be updated? Maybe we should check that the key in cache is valid before adding it to 4S? Is the backup trusted?

Is there a link to an issue for this PR?

@dbkr
Get the key directly from the olmMachine
a84b545 
saves converting it needlessly into a buffer to turn it back into
a base64 string
@richvdh richvdh changed the title Save the key backup key to secret storage Save the key backup key to 4S during bootstrapCrossSigning Nov 25, 2024
richvdh
richvdh reviewed Nov 25, 2024
View reviewed changes
spec/unit/rust-crypto/rust-crypto.spec.ts Outdated
@@ -705,6 +705,47 @@ describe("RustCrypto", () => {
expect(resetKeyBackup.mock.calls).toHaveLength(2);
});

it("bootstrapSecretStorage saves megolm backup key if already cached", async () => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we get an integ test for this as well, please? (One which works only through the public APIs of the js-sdk, together with fetchMock)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should do the trick?

@dbkr dbkr requested a review from BillCarsonFr December 2, 2024 12:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richvdh richvdh richvdh left review comments

@uhoreg uhoreg Awaiting requested review from uhoreg uhoreg is a code owner automatically assigned from matrix-org/element-crypto-web-reviewers

@BillCarsonFr BillCarsonFr Awaiting requested review from BillCarsonFr

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
T-Defect
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dbkr @richvdh @BillCarsonFr