Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Port: Shamir-based shared recovery device #7324

Open
wants to merge 19 commits into
base: master
Choose a base branch
from
Open

Port: Shamir-based shared recovery device #7324

wants to merge 19 commits into from

Conversation

AureliaDolo
Copy link
Contributor

@AureliaDolo AureliaDolo commented May 16, 2024
edited

Related #6090

Fix #7357

@AureliaDolo AureliaDolo requested review from a team as code owners May 16, 2024 15:43
@AureliaDolo AureliaDolo marked this pull request as draft May 16, 2024 15:46
@AureliaDolo AureliaDolo marked this pull request as draft May 16, 2024 15:46
@AureliaDolo AureliaDolo self-assigned this May 16, 2024
@AureliaDolo AureliaDolo force-pushed the aurelia/shamir branch 4 times, most recently from b34bdcb to e5ed694 Compare May 16, 2024 16:32
@AureliaDolo AureliaDolo marked this pull request as ready for review May 17, 2024 15:01
@AureliaDolo
Copy link
Contributor Author

I have to split the checklist into issues and I'll implement the postrgre version once every route has been tested with the memory impl

@AureliaDolo AureliaDolo force-pushed the aurelia/shamir branch 4 times, most recently from e7b72a9 to 3047103 Compare May 23, 2024 09:52
@FirelightFlagboy FirelightFlagboy mentioned this pull request May 23, 2024
Open
@AureliaDolo AureliaDolo force-pushed the aurelia/shamir branch 3 times, most recently from a92c18a to 4687a91 Compare May 27, 2024 11:19
FirelightFlagboy
FirelightFlagboy reviewed May 27, 2024
View reviewed changes
libparsec/crates/protocol/schema/authenticated_cmds/shamir_create_shared_recovery_device.json5 Outdated Show resolved Hide resolved
libparsec/crates/protocol/tests/authenticated_cmds/v4/shamir_recovery_setup.rs Show resolved Hide resolved
server/parsec/components/memory/datamodel.py Show resolved Hide resolved
server/parsec/components/shamir.py
Comment on lines +44 to +58
# async def test_dump_current_shamir(
# self, organization_id: OrganizationID
# ) -> dict[UserID, ShamirDump]:
# raise NotImplementedError
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dead code ? can it be removed ?

server/tests/api_v4/authenticated/test_shamir_recovery_setup.py Outdated Show resolved Hide resolved
server/tests/common/rpc.py Outdated Show resolved Hide resolved
@FirelightFlagboy FirelightFlagboy mentioned this pull request May 27, 2024
Closed
vxgmichel
vxgmichel requested changes May 28, 2024
View reviewed changes
Copy link
Contributor

@vxgmichel vxgmichel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple of comments, LGTM otherwise 👍

server/parsec/components/memory/datamodel.py Show resolved Hide resolved
server/parsec/components/memory/shamir.py Show resolved Hide resolved
server/parsec/components/shamir.py Outdated Show resolved Hide resolved
server/parsec/components/memory/shamir.py Outdated
return authenticated_cmds.latest.shamir_recovery_setup.RepAlreadySet()

case VerifyCertificatesBadOutcome.INVALID_DATA:
return authenticated_cmds.latest.shamir_recovery_setup.RepInvalidData()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Contrary to v2, this method needs to include all the required checks:

  • organization exists and not expired
  • author exists and not revoked and not frozen
  • all recipients exists and not revoked
  • check that certificate timestamps are strictly increasing in the shamir topic

See methods in other components for reference.

mmmarcos
mmmarcos reviewed May 28, 2024
View reviewed changes
Copy link
Contributor

@mmmarcos mmmarcos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just some comments. Thanks for all those docstrings and code comments! 👍

libparsec/crates/protocol/schema/authenticated_cmds/shamir_create_shared_recovery_device.json5 Outdated Show resolved Hide resolved
libparsec/crates/protocol/schema/authenticated_cmds/shamir_create_shared_recovery_device.json5 Outdated Show resolved Hide resolved
libparsec/crates/protocol/schema/authenticated_cmds/shamir_create_shared_recovery_device.json5 Outdated Show resolved Hide resolved
libparsec/crates/protocol/schema/authenticated_cmds/shamir_create_shared_recovery_device.json5 Outdated Show resolved Hide resolved
server/parsec/components/memory/shamir.py
) -> None:
self._data.organizations[organization_id].shamir_setup.pop(author)

async def add_recovery_setup(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some sanity_check is probably required before calling verify_certificates: the organization exists and is not expired? author exists and is not revoked?
See for example

parsec-cloud/server/parsec/components/memory/realm.py

Lines 79 to 92 in 5364230

try:
org = self._data.organizations[organization_id]
except KeyError:
return RealmCreateStoreBadOutcome.ORGANIZATION_NOT_FOUND
if org.is_expired:
return RealmCreateStoreBadOutcome.ORGANIZATION_EXPIRED
try:
author_device = org.devices[author]
except KeyError:
return RealmCreateStoreBadOutcome.AUTHOR_NOT_FOUND
author_user = org.users[author.user_id]
if author_user.is_revoked:
return RealmCreateStoreBadOutcome.AUTHOR_REVOKED

BTW there is an ongoing discussion about these checks (error-prone, duplicated code): #7119

libparsec/crates/protocol/schema/authenticated_cmds/shamir_create_shared_recovery_device.json5 Outdated Show resolved Hide resolved
libparsec/crates/protocol/schema/authenticated_cmds/shamir_create_shared_recovery_device.json5 Outdated
Comment on lines 25 to 27
// Cannot deserialize data into the expected certificate, or inconsistency
// between certificates and/or threshold
"status": "invalid_data"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not expose specific status? i.e. invalid_recipient, recipient_not_in_brief, recipient_already_has_share, etc.
It seems that this is how it was defined in the RFC, but I ask just out of curiosity.
cc @vxgmichel

@AureliaDolo AureliaDolo force-pushed the aurelia/shamir branch 2 times, most recently from fd37bfe to bd89973 Compare May 30, 2024 14:23
FirelightFlagboy
FirelightFlagboy reviewed May 31, 2024
View reviewed changes
libparsec/crates/protocol/tests/authenticated_cmds/v4/shamir_recovery_setup.rs
Comment on lines +71 to +72
let empty_req = authenticated_cmds::shamir_recovery_setup::Req { setup: None };
let expected = authenticated_cmds::AnyCmdReq::ShamirRecoverySetup(empty_req.clone());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick: Move the expected after let data = ... (line 78)

libparsec/crates/protocol/tests/authenticated_cmds/v4/shamir_recovery_setup.rs
let data2 = authenticated_cmds::AnyCmdReq::load(&raw2).unwrap();
p_assert_eq!(data2, expected);

let req = authenticated_cmds::shamir_recovery_setup::Req {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick: Move the expected after let data = ... (line 110)

AureliaDolo and others added 19 commits May 31, 2024 11:17
@AureliaDolo
Add shamir_recovery_setup schema.
1596453
@AureliaDolo
Add shamir create test.
ef0f966
@AureliaDolo
[Shamir] Add create setup test.
4336187
@AureliaDolo
Add shamir recovery setup cmd de/serializing tests.
5ded689
@AureliaDolo
Ignore unimplemented postgre tests.
2cc263f
@AureliaDolo
Shamir setup: custom error for certificate verification.
7bb6896
@AureliaDolo
[WIP] Use shamir reveal token instead of bytes.
95e21bb
@AureliaDolo
Return error when attempting to overwrite existing shamir.
e491318
@AureliaDolo
Fix de/serialization tests for shamir setup.
79086a4
@AureliaDolo
Helper to setup test shamir.
ea43551
@AureliaDolo
Rename shamir setup status for consistency.
8e73473
@AureliaDolo
Rename shamir setup status for consistency.
7c78f91
@AureliaDolo @mmmarcos
Typos
6d22ece 
Co-authored-by: Marcos Medrano <786907+mmmarcos@users.noreply.github.com>
@AureliaDolo
Add doc in tests.
7b3522a
@AureliaDolo
Add checks for shamir creation.
3849f49
@AureliaDolo
Rename shamir errors for consistency.
36cd7d8
@AureliaDolo
Add test_authenticated_shamir_recovery_setup_invalid_data test.
544bbdd
@AureliaDolo
Update hex comments for shamir tests.
32188a7
@AureliaDolo
Add checks for shamir setup creation.
f1a64f6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mmmarcos mmmarcos mmmarcos left review comments

@FirelightFlagboy FirelightFlagboy FirelightFlagboy requested changes

@vxgmichel vxgmichel Awaiting requested review from vxgmichel

Requested changes must be addressed to merge this pull request.

Assignees

@AureliaDolo AureliaDolo

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Shamir port: server side route create_shared_recovery_device
4 participants
@AureliaDolo @mmmarcos @vxgmichel @FirelightFlagboy