Signer-less Device Pairing #281
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nepet
force-pushed
the
202309-pairing-protocol
branch
from
41335cf to
4050841
Compare
nepet
force-pushed
the
main-0.2
branch
2 times, most recently
from
92251ee to
981db7e
Compare
nepet
force-pushed
the
main-0.2
branch
2 times, most recently
from
8b5a797 to
40c5809
Compare
nepet
force-pushed
the
202309-pairing-protocol
branch
from
4050841 to
8fb8916
Compare
nepet
force-pushed
the
202309-pairing-protocol
branch
from
8fb8916 to
5c485cd
Compare
nepet
force-pushed
the
main-0.2
branch
2 times, most recently
from
ad9d0b4 to
180bb26
Compare
nepet
force-pushed
the
202309-pairing-protocol
branch
2 times, most recently
from
e0db8e2 to
157a322
Compare
nepet
force-pushed
the
202309-pairing-protocol
branch
from
157a322 to
ed1aed8
Compare
nepet
force-pushed
the
202309-pairing-protocol
branch
from
3194f42 to
2d46078
Compare
nepet
force-pushed
the
202309-pairing-protocol
branch
from
2d46078 to
9cec7a5
Compare
nepet
force-pushed
the
202309-pairing-protocol
branch
from
9cec7a5 to
06d40ab
Compare
nepet
force-pushed
the
202309-pairing-protocol
branch
from
06d40ab to
6265146
Compare
nepet
force-pushed
the
main-0.2
branch
3 times, most recently
from
644185e to
d010f8d
Compare
nepet
force-pushed
the
main-0.2
branch
5 times, most recently
from
f2b305e to
f504032
Compare
Randy808
reviewed
Jun 12, 2024
Randy808
reviewed
Jun 12, 2024
| match self.verify_rune(PendingRequest { | ||
| request: vec![], | ||
| uri: "/cln.Node/ApprovePairing".to_string(), | ||
| signature: req.sig, |
There was a problem hiding this comment.
Does the Context need to be updated to handle the signature?
greenlight/libs/gl-client/src/runes.rs
Line 159 in e38a376
There was a problem hiding this comment.
No, this is independent of checking the actual context.
cdecker
previously approved these changes
Jun 28, 2024
There was a problem hiding this comment.
Quite an impressive PR! I went through and all I could find were small nits. There is one comment in there about the ordering assumptions on the streams, but that can be deferred until it becomes important, if we leave enough breadcrumbs to identify the issue once it arises, otherwise just naming suggestions, that you should feel free to ignore :-)
|
|
||
| message PairDeviceRequest { | ||
| // The tls public key of the new device. | ||
| string session_id = 1; |
There was a problem hiding this comment.
nit: The name session_id is a bit misleading, could cert_id or client_id be better names? This is definitely bike-shedding the name, so if interested let's merge this and continue the discussion in a separate thread.
Comment on lines
+188
to
+201
| fn restriction_contains_pubkey_exactly_once(s: &str, pubkey: &str) -> bool { | ||
| let search_field = format!("pubkey={}", pubkey); | ||
| match s.find(&search_field) { | ||
| Some(index) => { | ||
| // Check if 'pubkey=<pubkey>' is not preceded by '|' | ||
| if index > 0 && s.chars().nth(index - 1) == Some('|') { | ||
| return false; | ||
| } | ||
|
|
||
| // Check if 'pubkey=<pubkey>' is not followed by '|' | ||
| let end_index = index + search_field.len(); | ||
| if end_index < s.len() && s.chars().nth(end_index) == Some('|') { | ||
| return false; | ||
| } | ||
|
|
||
| // Check if 'pubkey=<pubkey>' appears exactly once | ||
| s.matches(&search_field).count() == 1 | ||
| } | ||
| None => false, | ||
| } | ||
| } |
There was a problem hiding this comment.
Shouldn't we be checking for a standalone pubkey=03.... restriction? That'd mean that there cannot be any qualifiers (alternatives) on that restriction, and any rune including this restriction has to adhere to that pubkey. Attempting to parse a logical expression, and testing it doesn't somehow negate the clause we're interested in is hard (NP-hard to be precise, even if parsing works perfectly).
nepet
force-pushed
the
202309-pairing-protocol
branch
from
613af99 to
7a24cba
Compare
nepet
force-pushed
the
202309-pairing-protocol
branch
2 times, most recently
from
b2cd32b to
52f60db
Compare
cdecker
force-pushed
the
202309-pairing-protocol
branch
from
52f60db to
f70230f
Compare
We need to create a keypair before we can actually create the cert during the pairing process. Signed-off-by: Peter Neuroth <[email protected]>
This commit only affects the protos, generated files and places that include the protos. Signed-off-by: Peter Neuroth <[email protected]>
This implements the service and the methods to initialize a pairing session on the "new device" Signed-off-by: Peter Neuroth <[email protected]>
Adds the PairingQR proto message and pass it to the channel once we did the request. Signed-off-by: Peter Neuroth <[email protected]>
Adds a method that returns the relevant data for "old device" to approve a pairing. This includes the requested restrictions that an old device needs to sign off. Signed-off-by: Peter Neuroth <[email protected]>
Adds the approval of the old device. This does not check the signature and does also not check the restrictions. This soley approves the pairing request. This needs a tls cert and a rune to be present as we need these to sign and attestate the approval. Signed-off-by: Peter Neuroth <[email protected]>
This adds a method to the pairing service that allows to check the validity of the PairingDataResponse. This is that the public key from the session_id matches the public key from the CSR. We may want to add a signature for the restrictions to ensure that GL did not manipulate them. We are OK for now as a user has to aggree to the restrictions anyway. Signed-off-by: Peter Neuroth <[email protected]>
Signer now receives requests from the scheduler for further processing. The signer processes a ApprovePairingRequest and responds to the scheduler. Signed-off-by: Peter Neuroth <[email protected]>
This commit replaces TlsConfig dependencies introduced by the signerless device pairing with Credentials. Signed-off-by: Peter Neuroth <[email protected]>
As we already pass the credentials to the pairing client we can also remove parts that are part of the credentials from the client struct. This allows to remove the node_id from `approve_pairing`. Signed-off-by: Peter Neuroth <[email protected]>
Signed-off-by: Peter Neuroth <[email protected]>
Signed-off-by: Peter Neuroth <[email protected]>
Signed-off-by: Peter Neuroth <[email protected]>
Using a `Result<()>` instead of printing debug logs saves some lines of code and is more idiomatic. Signed-off-by: Peter Neuroth <[email protected]>
We expect a signer response during the pairing procedure. This adds an extra assertion to help track down issues in the future. Signed-off-by: Peter Neuroth <[email protected]>
Signed-off-by: Peter Neuroth <[email protected]>
cdecker
force-pushed
the
202309-pairing-protocol
branch
from
f70230f to
83d1bfb
Compare
|
ACK f70230f |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds the "Pairing Process/Protocol" to the client stack. The Pairing-Process is a way to connect a signer-less client to a greenlight node. The pairing request has to be approved by a trusted device.
I'll add a more details about the process soon.