From 907e8fa91b18cf8b5977699ca66f73b84553f714 Mon Sep 17 00:00:00 2001 From: Justin Garcia Date: Thu, 2 May 2024 14:12:28 +0800 Subject: [PATCH] feat: remove IVs from secrets model --- lib/backend/Routes/Api/Secrets.ml | 16 ++------ .../js/pages/GetStartedPageGenerateHooks.re | 6 --- lib/models/Secrets.ml | 18 --------- lib/models/Secrets.mli | 9 ----- lib/types/definitions.atd | 3 -- test/backend/Secrets_Api_test.ml | 6 --- test/models/Secrets_test.ml | 40 +++++-------------- 7 files changed, 13 insertions(+), 85 deletions(-) diff --git a/lib/backend/Routes/Api/Secrets.ml b/lib/backend/Routes/Api/Secrets.ml index 5528387..10a7a56 100644 --- a/lib/backend/Routes/Api/Secrets.ml +++ b/lib/backend/Routes/Api/Secrets.ml @@ -20,24 +20,18 @@ let get_secrets request (user_id : int32) = { user_id = _; encrypted_master_key; - master_key_iv; encrypted_protection_key; - protection_key_iv; exported_protection_key; encrypted_verification_key; - verification_key_iv; exported_verification_key; } -> Lwt.return_ok @@ Some { encrypted_master_key; - master_key_iv; encrypted_protection_key; - protection_key_iv; exported_protection_key; encrypted_verification_key; - verification_key_iv; exported_verification_key; } | None -> Lwt.return_ok None @@ -45,13 +39,10 @@ let get_secrets request (user_id : int32) = let insert_secrets request (user_id : int32) ({ encrypted_master_key; - master_key_iv; encrypted_protection_key; exported_protection_key; - protection_key_iv; encrypted_verification_key; exported_verification_key; - verification_key_iv; } : register_keys_payload) = let open Lwt_result.Syntax in @@ -63,10 +54,9 @@ let insert_secrets request (user_id : int32) if has_keys then Lwt.return_ok false else let* () = - Models.Secrets.insert ~user_id ~encrypted_master_key ~master_key_iv - ~encrypted_protection_key ~protection_key_iv ~exported_verification_key - ~encrypted_verification_key ~verification_key_iv - ~exported_protection_key connection + Models.Secrets.insert ~user_id ~encrypted_master_key + ~encrypted_protection_key ~exported_verification_key + ~encrypted_verification_key ~exported_protection_key connection in Lwt.return_ok true diff --git a/lib/frontend/js/pages/GetStartedPageGenerateHooks.re b/lib/frontend/js/pages/GetStartedPageGenerateHooks.re index 290f8cd..9f24b51 100644 --- a/lib/frontend/js/pages/GetStartedPageGenerateHooks.re +++ b/lib/frontend/js/pages/GetStartedPageGenerateHooks.re @@ -78,20 +78,14 @@ let useGenerateKeys = () => { push({kind: Loading, message: "Submitting"}); let registerKeysPayload: Types_universal.Definitions_t.register_keys_payload = { encrypted_master_key: wrappedMasterKey |> Base64_js.ArrayBuffer.encode, - master_key_iv: - clientSecrets.masterKeyIv |> Base64_js.Uint8Array.encode, encrypted_protection_key: wrappedProtectionKey |> Base64_js.ArrayBuffer.encode, exported_protection_key: exportedProtectionKey |> Base64_js.ArrayBuffer.encode, - protection_key_iv: - clientSecrets.protectionKeyIv |> Base64_js.Uint8Array.encode, encrypted_verification_key: wrappedVerificationKey |> Base64_js.ArrayBuffer.encode, exported_verification_key: exportedVerificationKey |> Base64_js.ArrayBuffer.encode, - verification_key_iv: - clientSecrets.verificationKeyIv |> Base64_js.Uint8Array.encode, }; let* _ = ApiSecrets.post(registerKeysPayload); let* _ = sleep(500); diff --git a/lib/models/Secrets.ml b/lib/models/Secrets.ml index 7db06ac..b4c874d 100644 --- a/lib/models/Secrets.ml +++ b/lib/models/Secrets.ml @@ -3,12 +3,9 @@ open Utils type t = { user_id : int32; encrypted_master_key : string; - master_key_iv : string; encrypted_protection_key : string; - protection_key_iv : string; exported_protection_key : string; encrypted_verification_key : string; - verification_key_iv : string; exported_verification_key : string; } @@ -20,14 +17,11 @@ CREATE TABLE IF NOT EXISTS secrets ( user_id INT PRIMARY KEY REFERENCES users(id), encrypted_master_key BYTEA NOT NULL, - master_key_iv BYTEA NOT NULL, encrypted_protection_key BYTEA NOT NULL, - protection_key_iv BYTEA NOT NULL, exported_protection_key BYTEA NOT NULL, encrypted_verification_key BYTEA NOT NULL, - verification_key_iv BYTEA NOT NULL, exported_verification_key BYTEA NOT NULL ); |sql}] @@ -41,14 +35,11 @@ SELECT @int32{user_id}, @Base64Octets{encrypted_master_key}, - @Base64Octets{master_key_iv}, @Base64Octets{encrypted_protection_key}, - @Base64Octets{protection_key_iv}, @Base64Octets{exported_protection_key}, @Base64Octets{encrypted_verification_key}, - @Base64Octets{verification_key_iv}, @Base64Octets{exported_verification_key} FROM secrets @@ -65,14 +56,11 @@ SELECT @int32{user_id}, @Base64Octets{encrypted_master_key}, - @Base64Octets{master_key_iv}, @Base64Octets{encrypted_protection_key}, - @Base64Octets{protection_key_iv}, @Base64Octets{exported_protection_key}, @Base64Octets{encrypted_verification_key}, - @Base64Octets{verification_key_iv}, @Base64Octets{exported_verification_key} FROM secrets @@ -93,28 +81,22 @@ INSERT INTO secrets ( user_id, encrypted_master_key, - master_key_iv, encrypted_protection_key, - protection_key_iv, exported_protection_key, encrypted_verification_key, - verification_key_iv, exported_verification_key ) VALUES( %int32{user_id}, %Base64Octets{encrypted_master_key}, - %Base64Octets{master_key_iv}, %Base64Octets{encrypted_protection_key}, - %Base64Octets{protection_key_iv}, %Base64Octets{exported_protection_key}, %Base64Octets{encrypted_verification_key}, - %Base64Octets{verification_key_iv}, %Base64Octets{exported_verification_key} ); |sql}] diff --git a/lib/models/Secrets.mli b/lib/models/Secrets.mli index ba492cf..29cf8a5 100644 --- a/lib/models/Secrets.mli +++ b/lib/models/Secrets.mli @@ -5,21 +5,15 @@ type t = { encrypted_master_key : string; (** The symmetric key used to encrypt the {!encrypted_protection_key} and {!encrypted_verification_key}. *) - master_key_iv : string; - (** The [iv] used to encrypt the {!encrypted_master_key}. *) encrypted_protection_key : string; (** The private key used to decrypt the "[EphemeralKey]" that's passed alongside a message. *) - protection_key_iv : string; - (** The [iv] used to encrypt the {!encrypted_protection_key}. *) exported_protection_key : string; (** The public key used to encrypt the "[EphemeralKey]" that's passed alongside a message. *) encrypted_verification_key : string; (** The private key used to produce the signature that's passed alongside a message. *) - verification_key_iv : string; - (** The [iv] used to encrypt the {!encrypted_verification_key}. *) exported_verification_key : string; (** The public key used to verify the signature that's passed alongside a message. *) @@ -46,12 +40,9 @@ val get_by_username : val insert : user_id:int32 -> encrypted_master_key:string -> - master_key_iv:string -> encrypted_protection_key:string -> - protection_key_iv:string -> exported_protection_key:string -> encrypted_verification_key:string -> - verification_key_iv:string -> exported_verification_key:string -> (module Rapper_helper.CONNECTION) -> (unit, [> Caqti_error.call_or_retrieve ]) result Lwt.t diff --git a/lib/types/definitions.atd b/lib/types/definitions.atd index 3c9b20f..92ed688 100644 --- a/lib/types/definitions.atd +++ b/lib/types/definitions.atd @@ -19,13 +19,10 @@ type register_user_payload = { type register_keys_payload = { encrypted_master_key: string; - master_key_iv: string; encrypted_protection_key: string; exported_protection_key: string; - protection_key_iv: string; encrypted_verification_key: string; exported_verification_key: string; - verification_key_iv: string; } type register_response = { diff --git a/test/backend/Secrets_Api_test.ml b/test/backend/Secrets_Api_test.ml index c096a2e..4170903 100644 --- a/test/backend/Secrets_Api_test.ml +++ b/test/backend/Secrets_Api_test.ml @@ -35,21 +35,15 @@ let register_fake_user () = let make_payload generate = let encrypted_master_key = generate () in - let master_key_iv = generate () in let encrypted_protection_key = generate () in - let protection_key_iv = generate () in let encrypted_verification_key = generate () in - let verification_key_iv = generate () in let exported_protection_key = generate () in let exported_verification_key = generate () in string_of_register_keys_payload { encrypted_master_key; - master_key_iv; encrypted_protection_key; - protection_key_iv; encrypted_verification_key; - verification_key_iv; exported_protection_key; exported_verification_key; } diff --git a/test/models/Secrets_test.ml b/test/models/Secrets_test.ml index 91124a0..cb3af76 100644 --- a/test/models/Secrets_test.ml +++ b/test/models/Secrets_test.ml @@ -11,18 +11,15 @@ module Secrets = struct [ field "user_id" (fun k -> k.user_id) int32; field "encrypted_master_key" (fun k -> k.encrypted_master_key) string; - field "master_key_iv" (fun k -> k.master_key_iv) string; field "encrypted_protection_key" (fun k -> k.encrypted_protection_key) string; - field "protection_key_iv" (fun k -> k.protection_key_iv) string; field "exported_protection_key" (fun k -> k.exported_protection_key) string; field "encrypted_verification_key" (fun k -> k.encrypted_verification_key) string; - field "verification_key_iv" (fun k -> k.verification_key_iv) string; field "exported_verification_key" (fun k -> k.exported_verification_key) string; @@ -33,12 +30,9 @@ module Secrets = struct [ Int32.equal x.user_id y.user_id; String.equal x.encrypted_master_key y.encrypted_master_key; - String.equal x.master_key_iv y.master_key_iv; String.equal x.encrypted_protection_key y.encrypted_protection_key; - String.equal x.protection_key_iv y.protection_key_iv; String.equal x.exported_protection_key y.exported_protection_key; String.equal x.encrypted_verification_key y.encrypted_verification_key; - String.equal x.verification_key_iv y.verification_key_iv; String.equal x.exported_verification_key y.exported_verification_key; ] end @@ -47,12 +41,9 @@ let username = "purefunctor" let auth_token = String.make 128 ' ' let client_random = String.make 16 ' ' |> Base64.encode_exn let encrypted_master_key = String.make 512 ' ' |> Base64.encode_exn -let master_key_iv = String.make 12 ' ' |> Base64.encode_exn let encrypted_protection_key = String.make 512 ' ' |> Base64.encode_exn -let protection_key_iv = String.make 12 ' ' |> Base64.encode_exn let exported_protection_key = String.make 512 ' ' |> Base64.encode_exn let encrypted_verification_key = String.make 512 ' ' |> Base64.encode_exn -let verification_key_iv = String.make 12 ' ' |> Base64.encode_exn let exported_verification_key = String.make 512 ' ' |> Base64.encode_exn let initialize = @@ -69,9 +60,8 @@ let insert = let* _ = Initialize.initialize db in let* user_id, _ = User.insert ~username ~auth_token ~client_random db in let* _ = - Secrets.insert ~user_id ~encrypted_master_key ~master_key_iv - ~encrypted_protection_key ~protection_key_iv ~exported_protection_key - ~encrypted_verification_key ~verification_key_iv + Secrets.insert ~user_id ~encrypted_master_key ~encrypted_protection_key + ~exported_protection_key ~encrypted_verification_key ~exported_verification_key db in Lwt.return_ok () @@ -84,15 +74,13 @@ let insert_existing = let* _ = Initialize.initialize db in let* user_id, _ = User.insert ~username ~auth_token ~client_random db in let* _ = - Secrets.insert ~user_id ~encrypted_master_key ~master_key_iv - ~encrypted_protection_key ~protection_key_iv ~exported_protection_key - ~encrypted_verification_key ~verification_key_iv + Secrets.insert ~user_id ~encrypted_master_key ~encrypted_protection_key + ~exported_protection_key ~encrypted_verification_key ~exported_verification_key db in let errorful = - Secrets.insert ~user_id ~encrypted_master_key ~master_key_iv - ~encrypted_protection_key ~protection_key_iv ~exported_protection_key - ~encrypted_verification_key ~verification_key_iv + Secrets.insert ~user_id ~encrypted_master_key ~encrypted_protection_key + ~exported_protection_key ~encrypted_verification_key ~exported_verification_key db in Lwt.bind errorful (function @@ -107,9 +95,8 @@ let get_by_user_id = let* _ = Initialize.initialize db in let* user_id, _ = User.insert ~username ~auth_token ~client_random db in let* _ = - Secrets.insert ~user_id ~encrypted_master_key ~master_key_iv - ~encrypted_protection_key ~protection_key_iv ~exported_protection_key - ~encrypted_verification_key ~verification_key_iv + Secrets.insert ~user_id ~encrypted_master_key ~encrypted_protection_key + ~exported_protection_key ~encrypted_verification_key ~exported_verification_key db in let expected = @@ -117,12 +104,9 @@ let get_by_user_id = { user_id; encrypted_master_key; - master_key_iv; encrypted_protection_key; - protection_key_iv; exported_protection_key; encrypted_verification_key; - verification_key_iv; exported_verification_key; } in @@ -141,9 +125,8 @@ let get_by_username = let* _ = Initialize.initialize db in let* user_id, _ = User.insert ~username ~auth_token ~client_random db in let* _ = - Secrets.insert ~user_id ~encrypted_master_key ~master_key_iv - ~encrypted_protection_key ~protection_key_iv ~exported_protection_key - ~encrypted_verification_key ~verification_key_iv + Secrets.insert ~user_id ~encrypted_master_key ~encrypted_protection_key + ~exported_protection_key ~encrypted_verification_key ~exported_verification_key db in let expected = @@ -151,12 +134,9 @@ let get_by_username = { user_id; encrypted_master_key; - master_key_iv; encrypted_protection_key; - protection_key_iv; exported_protection_key; encrypted_verification_key; - verification_key_iv; exported_verification_key; } in