PFS CLIENT PATCH

- ID CERT ENCRYPTED BY DEFAULT IN BODY NOW - HASH + SIG for random key REMOVE ID CERT FROM PLAIN TEXT
universalweb · Jan 4, 2021 · df48589 · df48589
1 parent 4341931
commit df48589
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 49 deletions.
diff --git a/client/index.js b/client/index.js
@@ -26,16 +26,19 @@ class UDSP {
 			crypto: {
 				createSessionKey,
 				clientSession,
-				createSocketId
+				createSocketId,
+				keypair,
 			},
 			alert,
 			success
 		} = socket;
 		socket.socketId = createSocketId();
 		success(`socketId:`, this.socketId);
-		alert(`Creating Shared Keys`);
+		success(`Creating Shared Keys`);
 		const transmitKey = socket.transmitKey = createSessionKey();
 		const receiveKey = socket.receiveKey = createSessionKey();
+		success(`Creating Connection Keypair`);
+		socket.keypair = keypair();
 		socket.profile = profile;
 		socket.service = service;
 		socket.ephemeralPublic = omit(profile.ephemeral, ['private']);
@@ -44,8 +47,6 @@ class UDSP {
 		}
 		const {
 			ephemeral: {
-				key: publicKey,
-				private: privateKey,
 				signature: profileSignature
 			}
 		} = profile;
@@ -55,6 +56,10 @@ class UDSP {
 				signature: serviceSignature
 			}
 		} = service;
+		const {
+			publicKey,
+			secretKey: privateKey,
+		} = socket.keypair;
 		clientSession(receiveKey, transmitKey, publicKey, privateKey, serverPublicKey);
 		alert(`Shared Keys Created`);
 		console.log(receiveKey, transmitKey);

diff --git a/client/send/index.js b/client/send/index.js
@@ -10,7 +10,8 @@ module.exports = (udspPrototype) => {
 		crypto: {
 			encrypt,
 			nonceBox,
-			toBase64
+			toBase64,
+			hashSign
 		},
 		buildPacketSize,
 		buildStringSize,
@@ -38,15 +39,17 @@ module.exports = (udspPrototype) => {
 		} = socket;
 		cnsl(`Send to server`);
 		const socketStatusCode = socket.status.code;
-		console.log(message);
-		const messageEncoded = encode(message);
+		console.log(`socket Status Code is ${socketStatusCode}`);
 		const nonce = nonceBox();
 		success(`Nonce Size: ${nonce.length} ${toBase64(nonce)}`);
 		headers.id = socket.serverId || socket.socketId;
 		headers.nonce = nonce;
 		if (socketStatusCode === 0) {
-			headers.cert = socket.ephemeralPublic;
-			console.log(`socket Status Code is 0 attaching identity certificate`);
+			// PERFECT FORWARD SECRECY USE RANDOM EPHEMERAL KEY TO ENCRYPT IDENTITY CERT
+			headers.key = socket.keypair.publicKey;
+			headers.sig = hashSign(socket.keypair.publicKey, socket.keypair.privateKey);
+			message.body.cert = socket.ephemeralPublic;
+			console.log(`Setting ephemeral random public key to header & profile cert to message.body`);
 		}
 		console.log('PACKET HEADERS', headers);
 		const headersEncoded = encode(headers);
@@ -56,6 +59,8 @@ module.exports = (udspPrototype) => {
 		const headersCompiled = Buffer.concat([headersEndIndexBuffer, headersEncoded]);
 		success(`Additional Data End Index ${headersEndIndex.toString()}`);
 		console.log(socket.transmitKey.toString('base64'));
+		console.log(message);
+		const messageEncoded = encode(message);
 		const encryptedMessage = encrypt(messageEncoded, headersEncoded, nonce, socket.transmitKey);
 		if (!encryptedMessage) {
 			return errorLog('Encryption failed');

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -44,14 +44,14 @@
 	"devDependencies": {
 		"@ckeditor/ckeditor5-build-inline": "^24.0.0",
 		"@septdirworkshop/ukfontawesome": "^5.15.1",
-		"auto-changelog": "*",
+		"auto-changelog": "^2.2.1",
 		"babel-eslint": "*",
 		"docredux": "^2.1.2",
 		"electron": "^11.1.1",
 		"electron-builder": "^22.9.1",
 		"ractive": "^1.3.14",
 		"rollup": "^2.35.1",
-		"rollup-plugin-terser": "*",
+		"rollup-plugin-terser": "^7.0.2",
 		"testatron": "^2.1.0",
 		"uikit": "^3.6.5"
 	},