Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(web-client): add Diffie-Hellman key agreement #345

Merged
merged 1 commit into from
Sep 14, 2022
Merged

feat(web-client): add Diffie-Hellman key agreement #345

merged 1 commit into from
Sep 14, 2022

Conversation

jdvlio
Copy link
Contributor

@jdvlio jdvlio commented Aug 25, 2022
edited
Loading

Overview

Diffie-Hellman key agreement in order to establish shared secrets. This allows us to establish "session keys" for the authentication of multi-step exchanges between the client and server. Refer to the sequence diagram below.

Aim

The original intent of this functionality is to serve as a foundation for the wallet PIN reset feature (#316), as facilitated by the implementation of #344. However, it is possible to re-use the provided interface to instantiate an authenticated session with the wallet enclave. despite the stateless nature of SGX enclaves.

Context

PIN reset functionality is a two-step process:

  1. Send a user's attempts at answering pre-defined security questions to the backend for verification.
  2. Upon succeeding, the client sends a follow-up request containing their newly chosen PIN to complete the reset process.

Upon receiving the second message, it is the responsibility of the enclave to verify that the newly proposed PIN was sent by the same user that correctly answered the security questions in the previous exchange. The enclave has no inherent state that it may rely on but is, however, capable of deterministically deriving secrets from any provided context. These can then be used to participate in a Diffie-Hellman key agreement in order to establish a shared secret between the user and the wallet enclave.

As a result, the shared secret can be used to calculate a MAC of the PIN which it sends as part of the follow-up request to the enclave server. All that remains is for the enclave to use this shared secret to authenticate the newly acquired PIN before finally resetting the user's wallet PIN.

Patches

The upstream stablelib library does not, in its present state, support ESM. Since ESM support is required by Jasmine, our testing framework, the changes outlined in StableLib/stablelib#51 had to be patched in. Once the aforementioned changes are merged upstream, we may remove the patches from our version control.

@netlify
Copy link

netlify bot commented Aug 25, 2022
edited
Loading

Deploy Preview for nautilus-wallet-staging ready!

Name Link
🔨 Latest commit 9272012
🔍 Latest deploy log https://app.netlify.com/sites/nautilus-wallet-staging/deploys/631f0832cf8bb800081ed18e
😎 Deploy Preview https://deploy-preview-345--nautilus-wallet-staging.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

@jdvlio jdvlio requested a review from sonasi August 25, 2022 11:28
@jdvlio jdvlio changed the title feat(web-client): add Diffie-Hellman key agreement [WIP] feat(web-client): add Diffie-Hellman key agreement Aug 25, 2022
@billguo99
Copy link
Contributor

billguo99 commented Aug 25, 2022
edited
Loading

image

@jdvlio jdvlio force-pushed the feat-client-diffie-hellman branch 3 times, most recently from f5f3766 to 112c8b0 Compare August 25, 2022 15:01
@codecov-commenter
Copy link

Codecov Report

Merging #345 (112c8b0) into main (b8ff054) will decrease coverage by 0.26%.
The diff coverage is 9.09%.

@@            Coverage Diff             @@
##             main     #345      +/-   ##
==========================================
- Coverage   53.55%   53.28%   -0.27%     
==========================================
  Files         124      124              
  Lines        1813     1824      +11     
  Branches      338      339       +1     
==========================================
+ Hits          971      972       +1     
- Misses        842      852      +10
Impacted Files Coverage Δ
web-client/src/schema/crypto.ts 56.52% <9.09%> (-43.48%) ⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@billguo99
Copy link
Contributor

Please add the HMAC functionality.

@jdvlio jdvlio force-pushed the feat-client-diffie-hellman branch 4 times, most recently from 0dce201 to 1668140 Compare August 29, 2022 17:39
@jdvlio jdvlio changed the title [WIP] feat(web-client): add Diffie-Hellman key agreement feat(web-client): add Diffie-Hellman key agreement Aug 30, 2022
@jdvlio jdvlio marked this pull request as ready for review August 30, 2022 07:47
@jdvlio jdvlio force-pushed the feat-client-diffie-hellman branch from 1668140 to ba21fac Compare August 30, 2022 07:51
billguo99
billguo99 reviewed Aug 30, 2022
View reviewed changes
package-lock.json Outdated Show resolved Hide resolved
web-client/src/schema/crypto.ts Show resolved Hide resolved
web-client/src/schema/crypto.ts Outdated Show resolved Hide resolved
web-client/src/schema/crypto.ts Outdated Show resolved Hide resolved
@jdvlio jdvlio force-pushed the feat-client-diffie-hellman branch 2 times, most recently from ab09bac to 835e69e Compare September 1, 2022 09:20
@jdvlio jdvlio mentioned this pull request Sep 2, 2022
Merged
@jdvlio jdvlio force-pushed the feat-client-diffie-hellman branch 2 times, most recently from 568c30e to 6ebfd03 Compare September 6, 2022 15:02
@jdvlio jdvlio marked this pull request as draft September 7, 2022 07:06
@jdvlio jdvlio force-pushed the feat-client-diffie-hellman branch 3 times, most recently from 2098b99 to 4bcab33 Compare September 7, 2022 07:35
billguo99
billguo99 requested changes Sep 7, 2022
View reviewed changes
web-client/src/schema/crypto.ts Outdated Show resolved Hide resolved
web-client/src/schema/crypto.ts Show resolved Hide resolved
web-client/src/schema/crypto.ts Outdated Show resolved Hide resolved
web-client/src/schema/crypto.ts Outdated Show resolved Hide resolved
@billguo99
Copy link
Contributor

Rebase branch with main :)

@jdvlio jdvlio force-pushed the feat-client-diffie-hellman branch 5 times, most recently from a8644e5 to 8e4839e Compare September 8, 2022 12:55
@jdvlio jdvlio marked this pull request as ready for review September 8, 2022 12:58
@jdvlio jdvlio requested a review from billguo99 September 8, 2022 12:59
billguo99
billguo99 requested changes Sep 8, 2022
View reviewed changes
web-client/src/schema/crypto.ts Outdated Show resolved Hide resolved
@jdvlio jdvlio force-pushed the feat-client-diffie-hellman branch from 8e4839e to 0936b29 Compare September 12, 2022 09:29
@jdvlio jdvlio requested a review from billguo99 September 12, 2022 10:17
@jdvlio jdvlio force-pushed the feat-client-diffie-hellman branch from 0936b29 to 9272012 Compare September 12, 2022 10:21
@jdvlio jdvlio merged commit d1ae476 into main Sep 14, 2022
@jdvlio jdvlio deleted the feat-client-diffie-hellman branch September 14, 2022 06:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@billguo99 billguo99 billguo99 approved these changes

@jongbonga jongbonga Awaiting requested review from jongbonga

@IscoRuta98 IscoRuta98 Awaiting requested review from IscoRuta98

@sonasi sonasi Awaiting requested review from sonasi

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jdvlio @billguo99 @codecov-commenter