Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add recursive lookup for key exchange keys when encrypting data #203

Merged
merged 3 commits into from
Nov 8, 2021
Merged

feat: add recursive lookup for key exchange keys when encrypting data #203

merged 3 commits into from
Nov 8, 2021

Conversation

haardikk21
Copy link
Contributor

Solves #202

Provides two additional test cases:

  • did's controller has key agreement keys
  • did is controlled by another did of the same type, and the grandparent controller has key agreement keys

cc @oed

oed
oed suggested changes Oct 13, 2021
View reviewed changes
Copy link
Contributor

@oed oed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Make sure to user the correct controllers property :)

src/__tests__/xc20pEncryption.test.ts Show resolved Hide resolved
src/xc20pEncryption.ts Outdated Show resolved Hide resolved
src/xc20pEncryption.ts Outdated Show resolved Hide resolved
mirceanis
mirceanis requested changes Oct 21, 2021
View reviewed changes
Copy link
Member

@mirceanis mirceanis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wonderful contribution, thank you!

There is an edge case that is not covered and I think fixing it is a must: the exit from recursion when there is a controller loop.

The inline method encryptersForDID() MUST check for already resolved controllers to prevent denial of service attacks.

Also, I believe a recursive controller resolution method is valuable also for verification, not just encryption.
Would you be willing to turn it into a utility method that accepts a set of verification relationships for filtering? In your case you would call it using ["keyAgreement"] as a filter.

src/xc20pEncryption.ts Outdated
if (didDocument.controller) {
const controllers = Array.isArray(didDocument.controller) ? didDocument.controller : [didDocument.controller]
const encrypterPromises = controllers.map((did) =>
encryptersForDID(did).catch(() => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no exit from this recursion in case of loop.

didA controlled by didB controlled by didA will lead to infinite loop and could be used to create a denial of service attack.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies for the delayed response, was away for a few days. I agree with your suggestions and will update the PR as such.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would you like for the utility function to support all the various key capabilities in KeyCapabilitySection and perhaps additionally controller?

Copy link
Member

@mirceanis mirceanis Oct 27, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That would be nice, but it's not mandatory for this pr.

No need to apologize, we're all busy :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, I'll get the infinite loop break in and then we can merge this, will do the utility function separately :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed in 133080d

mirceanis
mirceanis approved these changes Nov 8, 2021
View reviewed changes
Copy link
Member

@mirceanis mirceanis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great, thanks for the contribution!

@mirceanis mirceanis merged commit 63999a5 into decentralized-identity:master Nov 8, 2021
uport-automation-bot pushed a commit that referenced this pull request Nov 8, 2021
@semantic-release-bot
chore(release): 5.10.0 [skip ci]
3ae3ee4 
# [5.10.0](5.9.0...5.10.0) (2021-11-08)

### Features

* add recursive lookup for key exchange keys when encrypting data ([#203](#203)) ([63999a5](63999a5)), closes [#202](#202)
@uport-automation-bot
Copy link
Collaborator

🎉 This PR is included in version 5.10.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oed oed oed requested changes

@mirceanis mirceanis mirceanis approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@haardikk21 @uport-automation-bot @mirceanis @oed