From df48589e432729731f7e6c1b0539f5060321121f Mon Sep 17 00:00:00 2001 From: sentivate Date: Mon, 4 Jan 2021 10:39:41 -0500 Subject: [PATCH] PFS CLIENT PATCH - ID CERT ENCRYPTED BY DEFAULT IN BODY NOW - HASH + SIG for random key REMOVE ID CERT FROM PLAIN TEXT --- client/index.js | 13 ++++-- client/send/index.js | 15 ++++--- package-lock.json | 97 +++++++++++++++++++++++++++----------------- package.json | 4 +- 4 files changed, 80 insertions(+), 49 deletions(-) diff --git a/client/index.js b/client/index.js index 3164ffaa..8958fde1 100644 --- a/client/index.js +++ b/client/index.js @@ -26,16 +26,19 @@ class UDSP { crypto: { createSessionKey, clientSession, - createSocketId + createSocketId, + keypair, }, alert, success } = socket; socket.socketId = createSocketId(); success(`socketId:`, this.socketId); - alert(`Creating Shared Keys`); + success(`Creating Shared Keys`); const transmitKey = socket.transmitKey = createSessionKey(); const receiveKey = socket.receiveKey = createSessionKey(); + success(`Creating Connection Keypair`); + socket.keypair = keypair(); socket.profile = profile; socket.service = service; socket.ephemeralPublic = omit(profile.ephemeral, ['private']); @@ -44,8 +47,6 @@ class UDSP { } const { ephemeral: { - key: publicKey, - private: privateKey, signature: profileSignature } } = profile; @@ -55,6 +56,10 @@ class UDSP { signature: serviceSignature } } = service; + const { + publicKey, + secretKey: privateKey, + } = socket.keypair; clientSession(receiveKey, transmitKey, publicKey, privateKey, serverPublicKey); alert(`Shared Keys Created`); console.log(receiveKey, transmitKey); diff --git a/client/send/index.js b/client/send/index.js index b41afbb4..935719cf 100644 --- a/client/send/index.js +++ b/client/send/index.js @@ -10,7 +10,8 @@ module.exports = (udspPrototype) => { crypto: { encrypt, nonceBox, - toBase64 + toBase64, + hashSign }, buildPacketSize, buildStringSize, 
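Review bot: The new `socket.keypair = keypair();` line in the first client/index.js hunk keeps the whole keypair, secret half included, on the socket object with no comment on its intended lifetime. From the visible hunks it is read again only by `clientSession(...)` and by the status-code-0 branch in client/send/index.js. If the key is meant to be per-connection and discarded, I would say so above the assignment, for example `// Per-connection keypair for forward secrecy: generate fresh per socket, never persist or reuse`, and consider dropping the secret key once the handshake no longer needs it. The enclosing method starts before and ends after this hunk.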
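Review bot: In the third client/index.js hunk the context line `console.log(receiveKey, transmitKey);` right after `clientSession(...)` prints both session keys, which are now derived from the new per-connection keypair, so any retained console output undoes the forward secrecy this patch is adding. The last client/send/index.js hunk has the same problem: `console.log(socket.transmitKey.toString('base64'));` stays, and the moved `console.log(message);` now prints the plaintext body, which on the first packet carries `message.body.cert`. I would delete these three calls, or log only non-secret facts such as key lengths. The enclosing functions start and end outside both hunks.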
@@ -38,15 +39,17 @@ module.exports = (udspPrototype) => { } = socket; cnsl(`Send to server`); const socketStatusCode = socket.status.code; - console.log(message); - const messageEncoded = encode(message); + console.log(`socket Status Code is ${socketStatusCode}`); const nonce = nonceBox(); success(`Nonce Size: ${nonce.length} ${toBase64(nonce)}`); headers.id = socket.serverId || socket.socketId; headers.nonce = nonce; if (socketStatusCode === 0) { - headers.cert = socket.ephemeralPublic; - console.log(`socket Status Code is 0 attaching identity certificate`); + // PERFECT FORWARD SECRECY USE RANDOM EPHEMERAL KEY TO ENCRYPT IDENTITY CERT + headers.key = socket.keypair.publicKey; + headers.sig = hashSign(socket.keypair.publicKey, socket.keypair.privateKey); + message.body.cert = socket.ephemeralPublic; + console.log(`Setting ephemeral random public key to header & profile cert to message.body`); } console.log('PACKET HEADERS', headers); const headersEncoded = encode(headers); @@ -56,6 +59,8 @@ module.exports = (udspPrototype) => { const headersCompiled = Buffer.concat([headersEndIndexBuffer, headersEncoded]); success(`Additional Data End Index ${headersEndIndex.toString()}`); console.log(socket.transmitKey.toString('base64')); + console.log(message); + const messageEncoded = encode(message); const encryptedMessage = encrypt(messageEncoded, headersEncoded, nonce, socket.transmitKey); if (!encryptedMessage) { return errorLog('Encryption failed'); diff --git a/package-lock.json b/package-lock.json index 974f48e1..49c3ff20 100644 --- a/package-lock.json +++ b/package-lock.json 
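Review bot: `hashSign(socket.keypair.publicKey, socket.keypair.privateKey)` reads a `privateKey` property, but the client/index.js hunk in this patch destructures the same object as `secretKey: privateKey`, so the keypair appears to expose `secretKey` and the signing key passed here is likely `undefined`. I would change the line to `headers.sig = hashSign(socket.keypair.publicKey, socket.keypair.secretKey);` and check that `hashSign` rejects a missing key rather than signing with it. Because the signature is made with the key it covers, it shows possession of the random key only; a short comment saying that the identity binding comes from the cert inside the encrypted body would help the server-side reader. `message.body.cert = socket.ephemeralPublic;` also assumes the caller always passes a `body` object and mutates the caller's message, which may deserve a guard. The enclosing function starts and ends outside this hunk.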
@@ -874,9 +874,9 @@ "dev": true }, "bufferutil": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/bufferutil/-/bufferutil-4.0.2.tgz", - "integrity": "sha512-AtnG3W6M8B2n4xDQ5R+70EXvOpnXsFYg/AK2yTZd+HQ/oxAdz+GI+DvjmhBw3L0ole+LJ0ngqY4JMbDzkfNzhA==", + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/bufferutil/-/bufferutil-4.0.3.tgz", + "integrity": "sha512-yEYTwGndELGvfXsImMBLop58eaGW+YdONi1fNjTINSY98tmMmFijBG6WXgdkfuLNt4imzQNtIE+eBp1PVpMCSw==", "optional": true, "requires": { "node-gyp-build": "^4.2.0" @@ -1660,9 +1660,9 @@ "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=" }, "eslint": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.16.0.tgz", - "integrity": "sha512-iVWPS785RuDA4dWuhhgXTNrGxHHK3a8HLSMBgbbU59ruJDubUraXN8N5rn7kb8tG6sjg74eE0RA3YWT51eusEw==", + "version": "7.17.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.17.0.tgz", + "integrity": "sha512-zJk08MiBgwuGoxes5sSQhOtibZ75pz0J35XTRlZOk9xMffhpA9BTbQZxoXZzOl5zMbleShbGwtw+1kGferfFwQ==", "requires": { "@babel/code-frame": "^7.0.0", "@eslint/eslintrc": "^0.2.2", @@ -1745,6 +1745,11 @@ "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==" }, + "json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" + }, "rimraf": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", 
@@ -1779,14 +1784,27 @@ "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==" }, "table": { - "version": "6.0.4", - "resolved": "https://registry.npmjs.org/table/-/table-6.0.4.tgz", - "integrity": "sha512-sBT4xRLdALd+NFBvwOz8bw4b15htyythha+q+DVZqy2RS08PPC8O2sZFgJYEY7bJvbCFKccs+WIZ/cd+xxTWCw==", + "version": "6.0.7", + "resolved": "https://registry.npmjs.org/table/-/table-6.0.7.tgz", + "integrity": "sha512-rxZevLGTUzWna/qBLObOe16kB2RTnnbhciwgPbMMlazz1yZGVEgnZK762xyVdVznhqxrfCeBMmMkgOOaPwjH7g==", "requires": { - "ajv": "^6.12.4", + "ajv": "^7.0.2", "lodash": "^4.17.20", "slice-ansi": "^4.0.0", "string-width": "^4.2.0" + }, + "dependencies": { + "ajv": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-7.0.3.tgz", + "integrity": "sha512-R50QRlXSxqXcQP5SvKUrw8VZeypvo12i2IX0EeR5PiZ7bEKeHWgzgo264LDadUsCU42lTJVhFikTqJwNeH34gQ==", + "requires": { + "fast-deep-equal": "^3.1.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2", + "uri-js": "^4.2.2" + } + } } } } @@ -2666,9 +2684,9 @@ } }, "jest-worker": { - "version": "26.3.0", - "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-26.3.0.tgz", - "integrity": "sha512-Vmpn2F6IASefL+DVBhPzI2J9/GJUsqzomdeN+P+dK8/jKxbh8R3BtFnx3FIta7wYlPU62cpJMJQo4kuOowcMnw==", + "version": "26.6.2", + "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-26.6.2.tgz", + "integrity": "sha512-KWYVV1c4i+jbMpaBC+U++4Va0cp8OisU185o73T1vo99hqi7w8tSJfUXYswwqqrjzwxa6KpRK54WhPvwf5w6PQ==", "dev": true, "requires": { "@types/node": "*", 
@@ -3082,9 +3100,9 @@ "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" }, "msgpackr": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/msgpackr/-/msgpackr-1.0.2.tgz", - "integrity": "sha512-uo7MzayMiZaxozUtSAb7aMa/2D52Dc+u6LvL7XYmYA0DxnQVydEvoUjFGSuTcLnHK8QwyofDosjsYXW9xH02Bg==", + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/msgpackr/-/msgpackr-1.1.0.tgz", + "integrity": "sha512-/MF4i1kFXpEMpB6KPkKz3yaAnW0tr8A320qr7+Q8timXAY5tQJjbk8Nbx8ge+9HgaiSn1exhGrmR+C5iyu3iQw==", "requires": { "msgpackr-extract": "^1.0.0" } @@ -3097,14 +3115,6 @@ "requires": { "nan": "^2.14.1", "node-gyp-build": "^4.2.3" - }, - "dependencies": { - "node-gyp-build": { - "version": "4.2.3", - "resolved": "https://registry.npmjs.org/node-gyp-build/-/node-gyp-build-4.2.3.tgz", - "integrity": "sha512-MN6ZpzmfNCRM+3t57PTJHgHyw/h4OWnZ6mR8P5j/uZtqQr46RRuDE/P+g3n0YR/AiYXeWixZZzaip77gdICfRg==", - "optional": true - } } }, "multistream": { @@ -3894,6 +3904,11 @@ "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=", "dev": true }, + "require-from-string": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==" + }, "require-relative": { "version": "0.8.7", "resolved": "https://registry.npmjs.org/require-relative/-/require-relative-0.8.7.tgz", 
@@ -4470,14 +4485,14 @@ "dev": true }, "terser": { - "version": "5.3.2", - "resolved": "https://registry.npmjs.org/terser/-/terser-5.3.2.tgz", - "integrity": "sha512-H67sydwBz5jCUA32ZRL319ULu+Su1cAoZnnc+lXnenGRYWyLE3Scgkt8mNoAsMx0h5kdo758zdoS0LG9rYZXDQ==", + "version": "5.5.1", + "resolved": "https://registry.npmjs.org/terser/-/terser-5.5.1.tgz", + "integrity": "sha512-6VGWZNVP2KTUcltUQJ25TtNjx/XgdDsBDKGt8nN0MpydU36LmbPPcMBd2kmtZNNGVVDLg44k7GKeHHj+4zPIBQ==", "dev": true, "requires": { "commander": "^2.20.0", - "source-map": "~0.6.1", - "source-map-support": "~0.5.12" + "source-map": "~0.7.2", + "source-map-support": "~0.5.19" }, "dependencies": { "commander": { @@ -4485,6 +4500,12 @@ "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", "dev": true + }, + "source-map": { + "version": "0.7.3", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz", + "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==", + "dev": true } } }, @@ -4624,9 +4645,9 @@ "dev": true }, "uglify-js": { - "version": "3.10.4", - "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.10.4.tgz", - "integrity": "sha512-kBFT3U4Dcj4/pJ52vfjCSfyLyvG9VYYuGYPmrPvAxRw/i7xHiT4VvCev+uiEMcEEiu6UNB6KgWmGtSUYIWScbw==", + "version": "3.12.4", + "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.12.4.tgz", + "integrity": "sha512-L5i5jg/SHkEqzN18gQMTWsZk3KelRsfD1wUVNqtq0kzqWQqcJjyL8yc1o8hJgRrWqrAl2mUFbhfznEIoi7zi2A==", "dev": true, "optional": true }, 
@@ -4741,9 +4762,9 @@ } }, "utf-8-validate": { - "version": "5.0.3", - "resolved": "https://registry.npmjs.org/utf-8-validate/-/utf-8-validate-5.0.3.tgz", - "integrity": "sha512-jtJM6fpGv8C1SoH4PtG22pGto6x+Y8uPprW0tw3//gGFhDDTiuksgradgFN6yRayDP4SyZZa6ZMGHLIa17+M8A==", + "version": "5.0.4", + "resolved": "https://registry.npmjs.org/utf-8-validate/-/utf-8-validate-5.0.4.tgz", + "integrity": "sha512-MEF05cPSq3AwJ2C7B7sHAA6i53vONoZbMGX8My5auEVm6W+dJ2Jd/TZPyGJ5CH42V2XtbI5FD28HeHeqlPzZ3Q==", "optional": true, "requires": { "node-gyp-build": "^4.2.0" @@ -5071,9 +5092,9 @@ } }, "ws": { - "version": "7.4.1", - "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.1.tgz", - "integrity": "sha512-pTsP8UAfhy3sk1lSk/O/s4tjD0CRwvMnzvwr4OKGX7ZvqZtUyx4KIJB5JWbkykPoc55tixMGgTNoh3k4FkNGFQ==" + "version": "7.4.2", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.2.tgz", + "integrity": "sha512-T4tewALS3+qsrpGI/8dqNMLIVdq/g/85U98HPMa6F0m6xTbvhXU6RCQLqPH3+SlomNV/LdY6RXEbBpMH6EOJnA==" }, "xdg-basedir": { "version": "4.0.0", diff --git a/package.json b/package.json index fd2a269c..1e70c0b9 100644 --- a/package.json +++ b/package.json @@ -44,14 +44,14 @@ "devDependencies": { "@ckeditor/ckeditor5-build-inline": "^24.0.0", "@septdirworkshop/ukfontawesome": "^5.15.1", - "auto-changelog": "*", + "auto-changelog": "^2.2.1", "babel-eslint": "*", "docredux": "^2.1.2", "electron": "^11.1.1", "electron-builder": "^22.9.1", "ractive": "^1.3.14", "rollup": "^2.35.1", - "rollup-plugin-terser": "*", + "rollup-plugin-terser": "^7.0.2", "testatron": "^2.1.0", "uikit": "^3.6.5" },