Port: Shamir-based shared recovery device #7324
base: master
Force-pushed from bee2c50 to ea581bf.
Force-pushed from b34bdcb to e5ed694.
I have to split the checklist into issues and I'll implement the PostgreSQL version once every route has been tested with the memory impl.
Resolved review thread (outdated) on libparsec/crates/protocol/schema/authenticated_cmds/shamir_create_shared_recovery_device.json5
Resolved review thread (outdated) on server/tests/api_v4/authenticated/test_shamir_recovery_setup.py
Force-pushed from e7b72a9 to 3047103.
Two resolved review threads (outdated) on server/tests/api_v4/authenticated/test_shamir_recovery_setup.py
Force-pushed from a92c18a to 4687a91.
Resolved review thread (outdated) on server/tests/api_v4/authenticated/test_shamir_recovery_setup.py
Resolved review thread (outdated) on libparsec/crates/protocol/schema/authenticated_cmds/shamir_create_shared_recovery_device.json5
Resolved review thread on libparsec/crates/protocol/tests/authenticated_cmds/v4/shamir_recovery_setup.rs
    # async def test_dump_current_shamir(
    #     self, organization_id: OrganizationID
    # ) -> dict[UserID, ShamirDump]:
    #     raise NotImplementedError
Dead code? Can it be removed?
Resolved review thread (outdated) on server/tests/api_v4/authenticated/test_shamir_recovery_setup.py
A couple of comments, LGTM otherwise 👍
                return authenticated_cmds.latest.shamir_recovery_setup.RepAlreadySet()

            case VerifyCertificatesBadOutcome.INVALID_DATA:
                return authenticated_cmds.latest.shamir_recovery_setup.RepInvalidData()
Contrary to v2, this method needs to include all the required checks:
- organization exists and is not expired
- author exists and is neither revoked nor frozen
- all recipients exist and are not revoked
- certificate timestamps are strictly increasing in the shamir topic
See methods in other components for reference.
Just some comments. Thanks for all those docstrings and code comments! 👍
Four resolved review threads (outdated) on libparsec/crates/protocol/schema/authenticated_cmds/shamir_create_shared_recovery_device.json5
    ) -> None:
        self._data.organizations[organization_id].shamir_setup.pop(author)

    async def add_recovery_setup(
Some sanity_check is probably required before calling verify_certificates: the organization exists and is not expired? author exists and is not revoked? See for example parsec-cloud/server/parsec/components/memory/realm.py, lines 79 to 92 in 5364230:

        try:
            org = self._data.organizations[organization_id]
        except KeyError:
            return RealmCreateStoreBadOutcome.ORGANIZATION_NOT_FOUND
        if org.is_expired:
            return RealmCreateStoreBadOutcome.ORGANIZATION_EXPIRED
        try:
            author_device = org.devices[author]
        except KeyError:
            return RealmCreateStoreBadOutcome.AUTHOR_NOT_FOUND
        author_user = org.users[author.user_id]
        if author_user.is_revoked:
            return RealmCreateStoreBadOutcome.AUTHOR_REVOKED
BTW there is an ongoing discussion about these checks (error-prone, duplicated code): #7119
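The checks requested in the two review comments above (organization not expired, author neither revoked nor frozen, recipients not revoked, strictly increasing timestamps in the shamir topic), written out as an added Python example in the style of the realm.py excerpt. This is not parsec-cloud's own code: the outcome enum, the User and Organization classes and sanity_check are assumed names, and timestamps are any comparable values.

```python
# Added example (not parsec-cloud's own code): the sanity checks requested in review
# before verify_certificates, modelled on the realm.py excerpt. All names are assumptions.
from dataclasses import dataclass, field
from enum import Enum, auto

class ShamirSetupStoreBadOutcome(Enum):
    ORGANIZATION_NOT_FOUND = auto()
    ORGANIZATION_EXPIRED = auto()
    AUTHOR_NOT_FOUND = auto()
    AUTHOR_REVOKED = auto()
    AUTHOR_FROZEN = auto()
    RECIPIENT_NOT_FOUND = auto()
    RECIPIENT_REVOKED = auto()
    TIMESTAMP_NOT_INCREASING = auto()

@dataclass
class User:
    is_revoked: bool = False
    is_frozen: bool = False

@dataclass
class Organization:
    is_expired: bool = False
    users: dict[str, User] = field(default_factory=dict)
    shamir_topic: list = field(default_factory=list)  # timestamps of stored shamir certificates, in order

def sanity_check(orgs, org_id, author, recipients, timestamp):
    # Returns a bad outcome, or None when the setup may proceed to verify_certificates.
    Bad = ShamirSetupStoreBadOutcome
    org = orgs.get(org_id)
    if org is None:
        return Bad.ORGANIZATION_NOT_FOUND
    if org.is_expired:
        return Bad.ORGANIZATION_EXPIRED
    author_user = org.users.get(author)
    if author_user is None:
        return Bad.AUTHOR_NOT_FOUND
    if author_user.is_revoked:
        return Bad.AUTHOR_REVOKED
    if author_user.is_frozen:
        return Bad.AUTHOR_FROZEN
    for recipient in recipients:
        user = org.users.get(recipient)
        if user is None:
            return Bad.RECIPIENT_NOT_FOUND
        if user.is_revoked:
            return Bad.RECIPIENT_REVOKED
    # certificate timestamps must be strictly increasing within the shamir topic
    if org.shamir_topic and timestamp <= org.shamir_topic[-1]:
        return Bad.TIMESTAMP_NOT_INCREASING
    return None
```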
Resolved review thread (outdated) on libparsec/crates/protocol/schema/authenticated_cmds/shamir_create_shared_recovery_device.json5
        // Cannot deserialize data into the expected certificate, or inconsistency
        // between certificates and/or threshold
        "status": "invalid_data"
Why not expose specific status? i.e. invalid_recipient, recipient_not_in_brief, recipient_already_has_share, etc. It seems that this is how it was defined in the RFC, but I ask just out of curiosity.
cc @vxgmichel
Force-pushed from 4687a91 to 04393c9.
Resolved review thread (outdated) on libparsec/crates/protocol/tests/authenticated_cmds/v4/shamir_recovery_setup.rs
Force-pushed from fd37bfe to bd89973.
    let empty_req = authenticated_cmds::shamir_recovery_setup::Req { setup: None };
    let expected = authenticated_cmds::AnyCmdReq::ShamirRecoverySetup(empty_req.clone());
nitpick: Move the expected after let data = ... (line 78)
    let data2 = authenticated_cmds::AnyCmdReq::load(&raw2).unwrap();
    p_assert_eq!(data2, expected);

    let req = authenticated_cmds::shamir_recovery_setup::Req {
nitpick: Move the expected after let data = ... (line 110)
Force-pushed from bf47390 to f1a64f6.
Related #6090
Fix #7357