Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[_] feat: add hybrid encryption support for pre created users #465

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

[_] feat: add hybrid encryption support for pre created users #465

wants to merge 3 commits into from

Conversation

apsantiso
Copy link
Collaborator

@apsantiso apsantiso commented Jan 31, 2025
edited
Loading

We need to add support for pre-created users' Kyber keys. This PR enables the backend to generate temporary Kyber keys while also allowing hybrid-encrypted invitations to be updated with frontend-generated keys when the user registers.

Changes

  • Added support for pre-created users' Kyber keys.
  • The backend now generates temporary Kyber keys for pre-created users.
  • Hybrid-encrypted invitations are updated with frontend-generated keys when the user registers.
  • Hybrid-encrypted invitations that belongs to pre-created users without any kyber key and/or new kyber keys are not re generated when users register, get deleted. This is an edge case but it is possible if user registers from any source that does not provide kyber keys.
  • Added an import helper for ESM packages. Since NestJS compiles into CommonJS and is written in TypeScript, we cannot import ESM libraries traditionally. NestJS does not support ESM yet, and a standard dynamic import won't work due to TypeScript compilation. See this example in NestJS's official repo.
  • Added Kyber KEM as a provider, initializing it on bootstrap to avoid using dynamic imports on every request.

Updated Endpoints

  • POST /users/: Now updates hybrid-encrypted invitations when a pre-created user registers.
  • POST /users/pre-created/register: Now updates hybrid-encrypted invitations when a pre-created user registers.
  • POST /users/pre-created/: Now generates Kyber keys alongside ECC keys.

@apsantiso apsantiso changed the title feat initial commit kyber pre creted users feat: add hybrid encryption support for pre created users Jan 31, 2025
@apsantiso apsantiso force-pushed the feat/add-support-for-pre-created-users-kyber branch from bd12b20 to be04718 Compare February 3, 2025 23:08
@apsantiso apsantiso force-pushed the feat/add-support-for-pre-created-users-kyber branch from be04718 to a70fe50 Compare February 4, 2025 13:24
@apsantiso apsantiso self-assigned this Feb 4, 2025
@apsantiso apsantiso changed the title feat: add hybrid encryption support for pre created users [_] feat: add hybrid encryption support for pre created users Feb 4, 2025
@apsantiso apsantiso force-pushed the feat/add-support-for-pre-created-users-kyber branch from c10f374 to 9933af0 Compare February 4, 2025 18:25
@apsantiso apsantiso force-pushed the feat/add-support-for-pre-created-users-kyber branch from 9933af0 to f80954b Compare February 4, 2025 19:34
@apsantiso apsantiso force-pushed the feat/add-support-for-pre-created-users-kyber branch from f80954b to d7aaf94 Compare February 4, 2025 19:34
@apsantiso apsantiso force-pushed the feat/add-support-for-pre-created-users-kyber branch from d7aaf94 to 282ca7e Compare February 4, 2025 19:52
@apsantiso apsantiso force-pushed the feat/add-support-for-pre-created-users-kyber branch from 282ca7e to d5a2c97 Compare February 4, 2025 19:59
@apsantiso apsantiso force-pushed the feat/add-support-for-pre-created-users-kyber branch from d5a2c97 to 065bab4 Compare February 4, 2025 20:13
@apsantiso apsantiso force-pushed the feat/add-support-for-pre-created-users-kyber branch from 065bab4 to 8f34ca9 Compare February 4, 2025 20:14
@apsantiso apsantiso force-pushed the feat/add-support-for-pre-created-users-kyber branch from 8f34ca9 to 23d5d48 Compare February 4, 2025 20:20
@apsantiso apsantiso marked this pull request as ready for review February 4, 2025 20:22
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Feb 4, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
86.9% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@apsantiso apsantiso requested a review from sg-gs February 4, 2025 20:59
@sg-gs sg-gs added the enhancement New feature or request label Feb 12, 2025
sg-gs
sg-gs reviewed Feb 12, 2025
View reviewed changes
Copy link
Member

@sg-gs sg-gs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I find the cryptography tests a bit weak. The main reason is that we are mocking the underlying libraries doing the hard thing, which is not the best way to ensure this does not get broken.

It would be better to use NIST cases hardcoded here so we assert the same things that some of the best cryptography experts in the world consider valid to ensure the validity of algorithms like Kyber.

Therefore, I invite @TamaraFinogina here to join the review as she has done that on drive-web

@sg-gs sg-gs requested a review from TamaraFinogina February 12, 2025 10:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sg-gs sg-gs sg-gs left review comments

@TamaraFinogina TamaraFinogina Awaiting requested review from TamaraFinogina

At least 1 approving review is required to merge this pull request.

Assignees

@apsantiso apsantiso

Labels
enhancement New feature or request ready-for-preview
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@apsantiso @sg-gs