Unverified Commit 0600f047 authored by Aral Balkan's avatar Aral Balkan
Browse files

Now using reproducible local writers for authentication

parent fa3d863f
......@@ -91,7 +91,11 @@ async function joinExistingDomain(passphrase) {
console.log('Original keys', originalKeys)
const localKeys = await generateDerivativeKeys(originalKeys.nodeReadKeyInHex, nodeName)
// Derive the local keys based on the secret key. This both means that they are
// reproducible on the origin node and any other node where the person enters the
// passphrase but also that they are not guessable.
console.log(`Generating local keys based on secret key: ${originalKeys.nodeWriteKeyInHex}`)
const localKeys = await generateDerivativeKeys(originalKeys.nodeWriteKeyInHex, nodeName)
model.keys = originalKeys
// Clear the secret key as we don’t need it for non-origin nodes.
......@@ -380,6 +384,7 @@ view.on('ready', () => {
// Generate the initial node name as <platform> on <os>
model.nodeName = `${platform.name} on ${platform.os}`
view.nodeName = model.nodeName
model.domain = view.domain
})
view.on('signUp', () => {
......@@ -390,14 +395,39 @@ view.on('signIn', (passphrase) => {
initialiseNode(passphrase)
})
view.on('authorise', (otherNodeReadKey) => {
console.log(`Authorisation request for ${otherNodeReadKey.toString('hex')}`)
view.on('authorise', async (otherNodeName) => {
console.log(`Authorisation request for ${otherNodeName}`)
model.db.authorize(otherNodeReadKey, (error, authorisation) => {
if (error) throw error
// Recreate the local keys for the node requesting authorisation
// by deriving it from the main write (secret) key
console.log(authorisation)
})
view.showAuthorisationProgress()
try {
console.log('passphrase', model.passphrase)
const originalKeys = await generateKeys(model.passphrase, model.domain)
console.log('Original keys', originalKeys)
// Derive the local keys based on the secret key. This both means that they are
// reproducible on the origin node and any other node where the person enters the
// passphrase but also that they are not guessable.
console.log(`Generating local keys based on secret key: ${originalKeys.nodeWriteKeyInHex}`)
const otherNodeLocalKeys = await generateDerivativeKeys(originalKeys.nodeWriteKeyInHex, otherNodeName)
model.db.authorize(otherNodeLocalKeys.nodeReadKey, (error, authorisation) => {
if (error) throw error
console.log(authorisation)
})
view.hideAuthorisationProgress()
} catch (error) {
view.hideAuthorisationProgress()
console.log('Error: could not generate keys for authorisation', error)
throw(error)
}
})
view.on('write', () => {
......
......@@ -38,10 +38,10 @@
</fieldset>
<fieldset class='details originNode'>
<legend>Authorise other node</legend>
<legend>Authorise a node</legend>
<div>
<label for='otherNodeLocalReadKeyInHex'>Other node read key:</label>
<input type='text' id='otherNodeLocalReadKeyInHex' value=''>
<label for='otherNodeName'>Node name:</label>
<input type='text' id='otherNodeName' value=''>
</div>
<div id='authoriseButton' class='buttonWithProgressIndicator'>
<button type='button'>Authorise</button>
......
......@@ -26,7 +26,7 @@ const setupForm = document.getElementById('setupForm')
const nodeNameTextField = document.getElementById('nodeName')
const accessButton = new ButtonWithProgressIndicator('accessButton')
const authoriseButton = new ButtonWithProgressIndicator('authoriseButton')
const otherNodeLocalReadKeyInHexTextField = document.getElementById('otherNodeLocalReadKeyInHex')
const otherNodeNameTextField = document.getElementById('otherNodeName')
const passphraseTextField = document.getElementById('passphrase')
const indeterminateProgressIndicator = document.getElementById('indeterminateProgressIndicator')
......@@ -56,10 +56,10 @@ class View extends EventEmitter {
this.resetForm()
this.validatePassphrase()
this.validateOtherNodeLocalReadKey()
this.validateOtherNodeName()
passphraseTextField.addEventListener('keyup', this.validatePassphrase)
otherNodeLocalReadKeyInHexTextField.addEventListener('keyup', this.validateOtherNodeLocalReadKey)
otherNodeNameTextField.addEventListener('keyup', this.validateOtherNodeName)
// Sign up / sign in button.
accessButton.on('click', event => {
......@@ -72,7 +72,7 @@ class View extends EventEmitter {
// Authorise button.
authoriseButton.on('click', event => {
this.emit('authorise', Buffer.from(otherNodeLocalReadKeyInHexTextField.value, 'hex'))
this.emit('authorise', otherNodeNameTextField.value)
})
// Write button.
......@@ -99,37 +99,10 @@ class View extends EventEmitter {
}
validateOtherNodeLocalReadKey() {
// Validates that the read key you want to authorise is 64 bytes and hexadecimal.
const otherNodeReadKeyInHex = otherNodeLocalReadKeyInHexTextField.value
const publicReadKeyInHex = publicSigningKeyTextField.value
const localReadKeyInHex = localReadKeyTextField.value
if (otherNodeReadKeyInHex.length !== 64) {
console.log('Other node local read key is the wrong size', otherNodeReadKeyInHex.length)
authoriseButton.enabled = false
return
}
if (otherNodeReadKeyInHex.match(/^([0-9, a-f]+)$/) === null) {
console.log('Non-hexadecimal digits present in local read key; cannot be valid.')
authoriseButton.enabled = false
return
}
if (otherNodeReadKeyInHex === publicReadKeyInHex) {
console.log('The key to authorise cannot be the public read key for this domain.')
authoriseButton.enabled = false
return
}
if (otherNodeReadKeyInHex === localReadKeyInHex) {
console.log('The key to authorise cannot be the local read key for this domain.')
authoriseButton.enabled = false
return
}
authoriseButton.enabled = true
validateOtherNodeName() {
// Basic validation. There isn’t a specific format for node names at this point.
// Just check that there is something in there.
authoriseButton.enabled = otherNodeNameTextField.value.length > 0
}
......@@ -177,11 +150,17 @@ class View extends EventEmitter {
accessButton.showProgress()
}
hideAccessProgress () {
accessButton.hideProgress()
}
showAuthorisationProgress () {
authoriseButton.showProgress()
}
hideAuthorisationProgress () {
authoriseButton.hideProgress()
}
showDatabaseIsReady () {
this.displayKeys()
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment