better crypto hygeine, start thinking more about ui

2016-12-20 11:09:41 +01:00 · 2016-12-20 11:09:41 +01:00 · dfea802c77
commit dfea802c77
parent 7df460c766
2 changed files with 176 additions and 81 deletions
--- a/www/login/index.html
+++ b/www/login/index.html
@ -12,16 +12,43 @@
            width: 100%;
            box-sizing: border-box;
        }
        body {
            width: 80vw;
            min-width: 1000px;
            margin: auto;
        }
        div.box, div.logout {
            width: 50%;
            border: 1px solid black;
            padding: 15px;
            display: none;
        }
        input[type="text"], input[type="password"] {
            width: 80%;
        }
        #confirm { display: none; }
    </style>
 </head>
 <body>
 <div data-localization="login_warning"></div>
-<input type="text" name="username" id="username" data-localization-placeholder="login_username"><br />
+<div class="box">
-<input type="password" name="password" id="password" data-localization-placeholder="login_password"><br />
+    <div id="warning" data-localization="login_warning"></div>
-
+    <input type="text" name="username" id="username" data-localization-placeholder="login_username" autofocus><br />
-<button id="login">login</button>
+    <input type="password" name="password" id="password" data-localization-placeholder="login_password"><br />
 <input type="checkbox" name="remember" id="remember"><label for="remember" data-localization="login_remember"></label>
    <label for="register" data-localization="login_register"></label>
    <input type="checkbox" name="register" id="register"><br />
    <input type="password" name="confirm" id="confirm" data-localization-placeholder="login_confirm">
    <br />
    <hr />
    <button id="login" data-localization="login_login"></button>
    <input type="checkbox" name="remember" id="remember"><label for="remember" data-localization="login_remember"></label>
 </div>
 <div class="logout">
    <div data-localization="login_logout"></div>
    <button id="logout">logout</button>
 </div>
--- a/www/login/main.js
+++ b/www/login/main.js
@ -3,10 +3,11 @@ define([
    '/bower_components/chainpad-listmap/chainpad-listmap.js',
    '/bower_components/chainpad-crypto/crypto.js',
    '/common/cryptpad-common.js',
    '/login/credential.js',
    '/bower_components/tweetnacl/nacl-fast.min.js',
    '/bower_components/scrypt-async/scrypt-async.min.js',
    '/bower_components/jquery/dist/jquery.min.js',
-], function (Config, Listmap, Crypto, Cryptpad) {
+], function (Config, Listmap, Crypto, Cryptpad, Cred) {
    var $ = window.jQuery;
    var Scrypt = window.scrypt;
    var Nacl = window.nacl;
@ -20,10 +21,6 @@ define([
        Crypto: Crypto,
    };
    var print = function (S, t) {
        $('body').append($('<' + (t || 'p') + '>').text(S));
    };
    var hashFromCreds = function (username, password, len, cb) {
        Scrypt(password,
            username,
@ -35,94 +32,122 @@ define([
            undefined); // format, could be 'base64'
    };
-    var authenticated = function (password, next) {
+    var Events = APP.Events = {};
-        console.log("Authenticated!");
+    var alreadyExists = Events.alreadyExists = function () {
-        var secret = {};
+        Cryptpad.alert("user account already exists.");
-
+    };
-        secret.channel = password.slice(0, 32);
+    var mismatchedPasswords = Events.mismatchedPasswords = function () {
-        secret.key = password.slice(32, 48);
+        Cryptpad.alert("passwords don't match!");
        secret.junk = password.slice(48, 64); // consider reordering things
        secret.curve = password.slice(64, 96);
        secret.ed = password.slice(96, 128);
        print(JSON.stringify(secret, null, 2), 'pre');
        var config = {
            websocketURL: Config.websocketURL,
            channel: secret.channel,
            data: {},
            crypto: Crypto.createEncryptor(secret.key),
            loglevel: 0,
        };
        console.log("creating proxy!");
        var rt = module.rt = Listmap.create(config);
        next(rt.proxy, function () {
            Cryptpad.log("Ready!");
        });
    };
-    var useBytes = function (bytes) {
+    var useBytes = function (bytes, opt) {
-        var firstSeed = bytes.slice(0, 18);
+        opt = opt || {};
-        var secondSeed = bytes.slice(18, 35);
+        if (opt.remember) {
            console.log("user would like to stay logged in");
        } else {
            console.log("user would like to be forgotten");
        }
-        var remainder = bytes.slice(34);
+        var entropy = {
            used: 0,
        };
        // crypto hygeine
        var consume = function (n) {
            // explode if you run out of bytes
            if (entropy.used + n > bytes.length) {
                throw new Error('exceeded available entropy');
            }
            if (typeof(n) !== 'number') { throw new Error('expected a number'); }
            if (n <= 0) {
                throw new Error('expected to consume a positive number of bytes');
            }
            // grab an unused slice of the entropy
            var A = bytes.slice(entropy.used, entropy.used + n);
            // account for the bytes you used so you don't reuse bytes
            entropy.used += n;
            //console.info("%s bytes of entropy remaining", bytes.length - entropy.used);
            return A;
        };
        // consume 18 bytes of entropy for your encryption key
        var encryptionSeed = consume(18);
        // 16 bytes for a deterministic channel key
        var channelSeed = consume(16);
        // 32 bytes for a curve key
        var curveSeed = consume(32);
        // 32 more for a signing key
        var edSeed = consume(32);
        var seed = {};
-        seed.keys = Crypto.createEditCryptor(null, firstSeed);
+        var keys = seed.keys = Crypto.createEditCryptor(null, encryptionSeed);
-        seed.keys.editKeyStr = seed.keys.editKeyStr.replace(/\//g, '-');
+        // 24 bytes of base64
        keys.editKeyStr = keys.editKeyStr.replace(/\//g, '-');
-        seed.channel = Cryptpad.uint8ArrayToHex(secondSeed);
+        // 32 bytes of hex
-
+        seed.channel = Cryptpad.uint8ArrayToHex(channelSeed);
        console.log(seed);
        var channelHex = seed.channel;
        if (channelHex.length !== 32) {
            throw new Error('invalid channel id');
        }
        var channel64 = Cryptpad.hexToBase64(channelHex);
-        console.log(seed.keys.editKeyStr);
+        seed.editHash = Cryptpad.getEditHashFromKeys(channelHex, keys.editKeyStr);
-
+        //console.log("edithash: %s", seed.editHash);
        seed.editHash = Cryptpad.getEditHashFromKeys(channelHex, seed.keys.editKeyStr);
        var secret = Cryptpad.getSecrets(seed.editHash);
        console.log(secret);
        console.log(seed.editHash);
        //return;
        var config = {
            websocketURL: Cryptpad.getWebsocketURL(),
            channel: channelHex,
            data: {},
-            validateKey: seed.keys.validateKey || undefined,
+            validateKey: keys.validateKey, // derived validation key
            readOnly: seed.keys && !seed.keys.editKeyStr,
            crypto: Crypto.createEncryptor(seed.keys),
        };
        var rt = APP.rt = Listmap.create(config);
        rt.proxy.on('create', function (info) {
-            console.log('created');
+            console.log("loading user profile");
            //console.log(info);
        })
        .on('ready', function (info) {
            console.log(info);
            console.log('ready');
            //console.log(info);
            var proxy = rt.proxy;
 /*  if the user is registering, we expect that the userDoc will be empty
 */
            if (opt.register) {
                if (Object.keys(proxy).length) {
                    alreadyExists();
                }
            }
            var now = +(new Date());
            if (!proxy.atime) {
                console.log("first time visiting!");
                proxy.atime = now;
                var name = proxy['cryptpad.username'] = opt.name;
                console.log("setting name to %s", name);
            } else {
                console.log("last visit was %ss ago", (now - proxy.atime) / 1000);
                proxy.atime = now;
            }
-            console.log(proxy);
+            var userHash = '/1/edit/' + [channel64, keys.editKeyStr].join('/');
            console.log("remembering your userhash");
            Cryptpad.login(userHash, opt.remember);
            //console.log(userHash);
            //console.log(proxy);
        })
        .on('disconnect', function (info) {
            console.log('disconnected');
@ -130,38 +155,81 @@ define([
        });
    };
-    var isValidUsername = function (name) {
+    var $warning = $('#warning');
-        return !!name;
+    var $login = $('#login');
    };
    var isValidPassword = function (passwd) {
        return !!passwd;
    };
    var $username = $('#username');
    var $password = $('#password');
    var $confirm = $('#confirm');
    var $remember = $('#remember');
-    0 && hashFromCreds('ansuz', 'pewpewpew', 128, useBytes);
+    var revealLogin = function () {
        $('.box').slideDown();
    };
-    $('#login').click(function () {
+    var $logoutBox = $('div.logout');
-        var uname = $username.val();
+    var $logout = $('#logout').click(function () {
-        var passwd = $password.val();
+        Cryptpad.logout(function () {
            // noop?
            $logout.slideUp();
            revealLogin();
        });
    });
-        if (!isValidUsername(uname)) {
+    var $register = $('#register').click(function () {
-            return void Cryptpad.alert('invalid username');
+        if (!$register.length) { return; }
        var e = $register[0];
        if (e.checked) {
            $confirm.slideDown();
            $login.text(Cryptpad.Messages._getKey('login_register'));
        }
-
+        else {
-        if (!isValidPassword(passwd)) {
+            $confirm.slideUp();
-            return void Cryptpad.alert('invalid password');
+            $login.text(Cryptpad.Messages._getKey('login_login'));
        }
    });
    var resetUI = function () {
        $username.val("");
        $password.val("");
        $confirm.val("");
        $remember[0].checked = false;
        $register[0].checked = false;
    };
-        // we need 18 bytes for the regular crypto
+    if (Cryptpad.getUserHash()) {
        //Cryptpad.alert("You are already logged in!");
        $logoutBox.slideDown();
    } else {
        revealLogin();
    }
    $login.click(function () {
        var uname = $username.val();
        var passwd = $password.val();
        var confirm = $confirm.val();
        var remember = $remember[0].checked;
        var register = $register[0].checked;
        if (!Cred.isValidUsername(uname)) {
            return void Cryptpad.alert('invalid username');
        }
        if (!Cred.isValidPassword(passwd)) {
            return void Cryptpad.alert('invalid password');
        }
        if (register && !Cred.passwordsMatch(passwd, confirm)) {
            return mismatchedPasswords();
        }
        resetUI();
        // consume 128 bytes, to be divided later
        // we can safely increase this size, but we don't need much right now
        hashFromCreds(uname, passwd, 128, function (bytes) {
-            //console.log(bytes);
+            useBytes(bytes, {
-            useBytes(bytes);
+                remember: remember,
                register: register,
                name: uname,
            });
        });
    });
 });