register: revert salt weirdness

This commit is contained in:
bitful-pannul 2024-03-05 15:59:23 -03:00
parent 5bd477b050
commit a9912e6a37
8 changed files with 188 additions and 52 deletions

View File

@ -25,10 +25,13 @@ pub fn encode_keyfile(
routers: Vec<String>,
networking_key: &[u8],
jwt: &[u8],
salt: &[u8],
) -> Vec<u8> {
let mut disk_key: DiskKey = [0u8; CREDENTIAL_LEN];
let rng = SystemRandom::new();
let mut salt = [0u8; 32]; // generate a unique salt
rng.fill(&mut salt).unwrap();
pbkdf2::derive(
PBKDF2_ALG,
NonZeroU32::new(ITERATIONS).unwrap(),
@ -93,16 +96,15 @@ pub fn decode_keyfile(keyfile: &[u8], password: &str) -> Result<Keyfile, &'stati
routers,
networking_keypair,
jwt_secret_bytes,
salt,
})
}
pub fn get_info(keyfile: &[u8]) -> Result<(String, Vec<String>, Vec<u8>), &'static str> {
let (username, routers, _salt, _key_enc, _jwt_enc, password_salt) =
bincode::deserialize::<(String, Vec<String>, Vec<u8>, Vec<u8>, Vec<u8>, Vec<u8>)>(keyfile)
pub fn get_username_and_routers(keyfile: &[u8]) -> Result<(String, Vec<String>), &'static str> {
let (username, routers, _salt, _key_enc, _jwt_enc) =
bincode::deserialize::<(String, Vec<String>, Vec<u8>, Vec<u8>, Vec<u8>)>(keyfile)
.map_err(|_| "failed to deserialize keyfile")?;
Ok((username, routers, password_salt))
Ok((username, routers))
}
/// # Returns

View File

@ -1,7 +1,7 @@
{
"files": {
"main.css": "/static/css/main.dce05a4d.css",
"main.js": "/static/js/main.726c0750.js",
"main.css": "/static/css/main.054f6f32.css",
"main.js": "/static/js/main.431aef9a.js",
"static/media/unknown.png": "/static/media/unknown.880d04d4611a45ab1001.png",
"static/media/background.jpg": "/static/media/background.01d2427cfc21fb685016.jpg",
"static/media/kinode.svg": "/static/media/kinode.86d0c1a6a4a3ca3be41616b5989d6925.svg",
@ -9,7 +9,7 @@
"static/media/logo.svg": "/static/media/logo.45dcb752ac5b825f5e3b9299d2210f0a.svg"
},
"entrypoints": [
"static/css/main.dce05a4d.css",
"static/js/main.726c0750.js"
"static/css/main.054f6f32.css",
"static/js/main.431aef9a.js"
]
}

View File

@ -1 +1 @@
<!doctype html><html lang="en"><head><title>Welcome - Kinode</title><meta charset="utf-8"/><meta http-equiv="pragma" content="no-cache"/><meta http-equiv="cache-control" content="no-cache"/><link rel="preconnect" href="https://fonts.googleapis.com"><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin><link href="https://fonts.googleapis.com/css2?family=Barlow+Condensed:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap" rel="stylesheet"><link rel="icon" href="data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNzc5IiBoZWlnaHQ9IjUxNCIgdmlld0JveD0iMCAwIDc3OSA1MTQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CiAgICA8c3R5bGU+CiAgICAgICAgQG1lZGlhIChwcmVmZXJzLWNvbG9yLXNjaGVtZTogZGFyaykgewogICAgICAgICAgICBzdmcgeyBmaWxsOiB3aGl0ZTsgfQogICAgICAgIH0KICAgICAgICBAbWVkaWEgKHByZWZlcnMtY29sb3Itc2NoZW1lOiBsaWdodCkgewogICAgICAgICAgICBzdmcgeyBmaWxsOiBibGFjazsgfQogICAgICAgIH0KICAgIDwvc3R5bGU+CiAgICA8cGF0aCBkPSJNNzUzLjA5MiA1LjkxOTMyQzc1Ni41NTcgNS4wOTk3NiA3NTUuOTYyIC0wLjAwMDEyMjA3IDc1Mi40MDEgLTAuMDAwMTIyMDdINDI2LjAwMUM0MjQuNzU1IC0wLjAwMDEyMjA3IDQyMy42MzkgMC43NzAyNyA0MjMuMTk3IDEuOTM1MzVMMjM2Ljk2OCA0OTIuNkMyMzUuNzI5IDQ5NS44NjUgMjQwLjEyMyA0OTguMjU1IDI0Mi4xOTEgNDk1LjQ0MUw1NjkuMzU3IDUwLjExMzJDNTY5Ljc3OCA0OS41MzkyIDU3MC4zOTEgNDkuMTMzOSA1NzEuMDg0IDQ4Ljk3TDc1My4wOTIgNS45MTkzMloiLz4KICAgIDxwYXRoIGQ9Ik0xMS45NjY1IDQwLjIyODhDOS4xMDk0OSAzOC43NzcgMTAuMjEzNSAzNC40NTgzIDEzLjQxNjcgMzQuNTU1N0w0MDQuMjczIDQ2LjQzNjdDNDA2LjMzNCA0Ni40OTkzIDQwNy43MTkgNDguNTc0OSA0MDYuOTg2IDUwLjUwMjNMMzQ3LjQzOCAyMDYuOTgxQzM0Ni44MDQgMjA4LjY0NyAzNDQuODY1IDIwOS4zOTYgMzQzLjI3NSAyMDguNTg4TDExLjk2NjUgNDAuMjI4OFoiLz4KPC9zdmc+Cg=="><meta httpequiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1.00001,viewport-fit=cover"/><script defer="defer" src="/static/js/main.726c0750.js"></script><link href="/static/css/main.dce05a4d.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div></body></html>
<!doctype html><html lang="en"><head><title>Welcome - Kinode</title><meta charset="utf-8"/><meta http-equiv="pragma" content="no-cache"/><meta http-equiv="cache-control" content="no-cache"/><link rel="preconnect" href="https://fonts.googleapis.com"><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin><link href="https://fonts.googleapis.com/css2?family=Barlow+Condensed:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap" rel="stylesheet"><link rel="icon" href="data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNzc5IiBoZWlnaHQ9IjUxNCIgdmlld0JveD0iMCAwIDc3OSA1MTQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CiAgICA8c3R5bGU+CiAgICAgICAgQG1lZGlhIChwcmVmZXJzLWNvbG9yLXNjaGVtZTogZGFyaykgewogICAgICAgICAgICBzdmcgeyBmaWxsOiB3aGl0ZTsgfQogICAgICAgIH0KICAgICAgICBAbWVkaWEgKHByZWZlcnMtY29sb3Itc2NoZW1lOiBsaWdodCkgewogICAgICAgICAgICBzdmcgeyBmaWxsOiBibGFjazsgfQogICAgICAgIH0KICAgIDwvc3R5bGU+CiAgICA8cGF0aCBkPSJNNzUzLjA5MiA1LjkxOTMyQzc1Ni41NTcgNS4wOTk3NiA3NTUuOTYyIC0wLjAwMDEyMjA3IDc1Mi40MDEgLTAuMDAwMTIyMDdINDI2LjAwMUM0MjQuNzU1IC0wLjAwMDEyMjA3IDQyMy42MzkgMC43NzAyNyA0MjMuMTk3IDEuOTM1MzVMMjM2Ljk2OCA0OTIuNkMyMzUuNzI5IDQ5NS44NjUgMjQwLjEyMyA0OTguMjU1IDI0Mi4xOTEgNDk1LjQ0MUw1NjkuMzU3IDUwLjExMzJDNTY5Ljc3OCA0OS41MzkyIDU3MC4zOTEgNDkuMTMzOSA1NzEuMDg0IDQ4Ljk3TDc1My4wOTIgNS45MTkzMloiLz4KICAgIDxwYXRoIGQ9Ik0xMS45NjY1IDQwLjIyODhDOS4xMDk0OSAzOC43NzcgMTAuMjEzNSAzNC40NTgzIDEzLjQxNjcgMzQuNTU1N0w0MDQuMjczIDQ2LjQzNjdDNDA2LjMzNCA0Ni40OTkzIDQwNy43MTkgNDguNTc0OSA0MDYuOTg2IDUwLjUwMjNMMzQ3LjQzOCAyMDYuOTgxQzM0Ni44MDQgMjA4LjY0NyAzNDQuODY1IDIwOS4zOTYgMzQzLjI3NSAyMDguNTg4TDExLjk2NjUgNDAuMjI4OFoiLz4KPC9zdmc+Cg=="><meta httpequiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1.00001,viewport-fit=cover"/><script defer="defer" src="/static/js/main.431aef9a.js"></script><link href="/static/css/main.054f6f32.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div></body></html>

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,137 @@
/*!
Copyright (c) 2015 Jed Watson.
Based on code that is Copyright 2013-2015, Facebook, Inc.
All rights reserved.
*/
/*!
* Adapted from jQuery UI core
*
* http://jqueryui.com
*
* Copyright 2014 jQuery Foundation and other contributors
* Released under the MIT license.
* http://jquery.org/license
*
* http://api.jqueryui.com/category/ui-core/
*/
/*!
* The buffer module from node.js, for the browser.
*
* @author Feross Aboukhadijeh <https://feross.org>
* @license MIT
*/
/*! ieee754. BSD-3-Clause License. Feross Aboukhadijeh <https://feross.org/opensource> */
/**
* @license React
* react-dom.production.min.js
*
* Copyright (c) Facebook, Inc. and its affiliates.
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*/
/**
* @license React
* react-jsx-runtime.production.min.js
*
* Copyright (c) Facebook, Inc. and its affiliates.
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*/
/**
* @license React
* react.production.min.js
*
* Copyright (c) Facebook, Inc. and its affiliates.
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*/
/**
* @license React
* scheduler.production.min.js
*
* Copyright (c) Facebook, Inc. and its affiliates.
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*/
/**
* @license React
* use-sync-external-store-shim.production.min.js
*
* Copyright (c) Facebook, Inc. and its affiliates.
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*/
/**
* @license React
* use-sync-external-store-shim/with-selector.production.min.js
*
* Copyright (c) Facebook, Inc. and its affiliates.
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*/
/**
* @remix-run/router v1.15.2
*
* Copyright (c) Remix Software Inc.
*
* This source code is licensed under the MIT license found in the
* LICENSE.md file in the root directory of this source tree.
*
* @license MIT
*/
/**
* React Router DOM v6.22.2
*
* Copyright (c) Remix Software Inc.
*
* This source code is licensed under the MIT license found in the
* LICENSE.md file in the root directory of this source tree.
*
* @license MIT
*/
/**
* React Router v6.22.2
*
* Copyright (c) Remix Software Inc.
*
* This source code is licensed under the MIT license found in the
* LICENSE.md file in the root directory of this source tree.
*
* @license MIT
*/
/**
* [js-sha3]{@link https://github.com/emn178/js-sha3}
*
* @version 0.5.7
* @author Chen, Yi-Cyuan [emn178@gmail.com]
* @copyright Chen, Yi-Cyuan 2015-2016
* @license MIT
*/
/**
* [js-sha3]{@link https://github.com/emn178/js-sha3}
*
* @version 0.8.0
* @author Chen, Yi-Cyuan [emn178@gmail.com]
* @copyright Chen, Yi-Cyuan 2015-2018
* @license MIT
*/

View File

@ -233,9 +233,9 @@ pub async fn register(
}
async fn get_unencrypted_info(keyfile: Option<Vec<u8>>) -> Result<impl Reply, Rejection> {
let (name, allowed_routers, salt) = {
let (name, allowed_routers) = {
match keyfile {
Some(encoded_keyfile) => match keygen::get_info(&encoded_keyfile) {
Some(encoded_keyfile) => match keygen::get_username_and_routers(&encoded_keyfile) {
Ok(k) => k,
Err(_) => {
return Ok(warp::reply::with_status(
@ -255,11 +255,17 @@ async fn get_unencrypted_info(keyfile: Option<Vec<u8>>) -> Result<impl Reply, Re
}
};
// do we need password salt here for the FE to hash the login password?
println!(
"unencrypted info return: {:?}",
UnencryptedIdentity {
name: name.clone(),
allowed_routers: allowed_routers.clone(),
}
);
return Ok(warp::reply::with_status(
warp::reply::json(&UnencryptedIdentity {
name,
allowed_routers,
salt: base64::encode(&salt),
}),
StatusCode::OK,
)
@ -267,6 +273,7 @@ async fn get_unencrypted_info(keyfile: Option<Vec<u8>>) -> Result<impl Reply, Re
}
async fn generate_networking_info(our_temp_id: Arc<Identity>) -> Result<impl Reply, Rejection> {
println!("temp ID {:?}", our_temp_id.as_ref());
Ok(warp::reply::json(our_temp_id.as_ref()))
}
@ -283,6 +290,7 @@ async fn handle_keyfile_vet(
let decoded_keyfile =
keygen::decode_keyfile(&encoded_keyfile, &payload.password).map_err(|_| warp::reject())?;
println!("vetted decoded keyfile: {:?}", decoded_keyfile);
Ok(warp::reply::json(&KeyfileVetted {
username: decoded_keyfile.username,
networking_key: format!(
@ -300,44 +308,46 @@ async fn handle_boot(
networking_keypair: Arc<Vec<u8>>,
) -> Result<impl Reply, Rejection> {
let mut our = our.as_ref().clone();
println!("bootinfo while booting: {:?}", info.clone());
println!("our while booting: {:?}", our.clone());
our.name = info.username;
if info.direct {
our.allowed_routers = vec![];
} else {
our.ws_routing = None;
}
let jwt_seed = SystemRandom::new();
let mut jwt_secret = [0u8, 32];
ring::rand::SecureRandom::fill(&jwt_seed, &mut jwt_secret).unwrap();
let salt = base64::decode(&info.salt).map_err(|_| warp::reject())?;
let sig = Signature::from_base64(&info.signature).map_err(|_| warp::reject())?;
// let salt = base64::decode(&info.salt).map_err(|_| warp::reject())?;
//let sig = Signature::from_base64(&info.signature).map_err(|_| warp::reject())?;
let now = SystemTime::now()
.duration_since(UNIX_EPOCH)
.expect("Time went backwards")
.as_secs();
if info.timestamp < now + 120 {
return Ok(warp::reply::with_status(
warp::reply::json(&"Timestamp is outdated."),
StatusCode::UNAUTHORIZED,
)
.into_response());
}
// if info.timestamp < now + 120 {
// return Ok(warp::reply::with_status(
// warp::reply::json(&"Timestamp is outdated."),
// StatusCode::UNAUTHORIZED,
// )
// .into_response());
// }
// verify eth signature
let sign_data = serde_json::to_vec(&serde_json::json!({
"password": info.password,
"timestamp": info.timestamp,
}))
.unwrap();
// verify eth signature, fetch from eth?
// let sign_data = serde_json::to_vec(&serde_json::json!({
// "password": info.password,
// "timestamp": info.timestamp,
// }))
// .unwrap();
// check chain for address match...?
let _signer = sig
.recover_address_from_msg(&sign_data)
.map_err(|_| warp::reject())?;
// let _signer = sig
// .recover_address_from_msg(&sign_data)
// .map_err(|_| warp::reject())?;
let decoded_keyfile = Keyfile {
username: our.name.clone(),
@ -345,7 +355,6 @@ async fn handle_boot(
networking_keypair: signature::Ed25519KeyPair::from_pkcs8(networking_keypair.as_ref())
.unwrap(),
jwt_secret_bytes: jwt_secret.to_vec(),
salt,
};
let encoded_keyfile = keygen::encode_keyfile(
@ -354,7 +363,6 @@ async fn handle_boot(
decoded_keyfile.routers.clone(),
&networking_keypair,
&decoded_keyfile.jwt_secret_bytes,
&decoded_keyfile.salt,
);
success_response(sender, our, decoded_keyfile, encoded_keyfile).await
@ -429,6 +437,7 @@ async fn handle_login(
sender: Arc<RegistrationSender>,
encoded_keyfile: Option<Vec<u8>>,
) -> Result<impl Reply, Rejection> {
println!("login info: {:?}", info);
if encoded_keyfile.is_none() {
return Ok(warp::reply::with_status(
warp::reply::json(&"Keyfile not present"),
@ -521,7 +530,6 @@ async fn confirm_change_network_keys(
networking_keypair: signature::Ed25519KeyPair::from_pkcs8(networking_keypair.as_ref())
.unwrap(),
jwt_secret_bytes: old_decoded_keyfile.jwt_secret_bytes,
salt: old_decoded_keyfile.salt,
};
let encoded_keyfile = keygen::encode_keyfile(
@ -530,7 +538,6 @@ async fn confirm_change_network_keys(
decoded_keyfile.routers.clone(),
&networking_keypair,
&decoded_keyfile.jwt_secret_bytes,
&decoded_keyfile.salt,
);
success_response(sender, our.clone(), decoded_keyfile, encoded_keyfile).await

View File

@ -763,7 +763,6 @@ pub struct Keyfile {
pub routers: Vec<String>,
pub networking_keypair: signature::Ed25519KeyPair,
pub jwt_secret_bytes: Vec<u8>,
pub salt: Vec<u8>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
@ -785,9 +784,8 @@ pub struct BootInfo {
pub username: String,
pub reset: bool,
pub direct: bool,
pub signature: String,
pub salt: String,
pub timestamp: u64,
// pub signature: String,
// pub timestamp: u64,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
@ -819,17 +817,6 @@ pub struct Identity {
pub struct UnencryptedIdentity {
pub name: NodeId,
pub allowed_routers: Vec<NodeId>,
pub salt: String,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct IdentityTransaction {
pub from: String,
pub signature: Option<String>,
pub to: String, // contract address
pub town_id: u32,
pub calldata: Identity,
pub nonce: String,
}
//