Non-Breaking Updates.

frankiethekneeman · Oct 15, 2015 · 4c2f899 · 4c2f899
1 parent 9652ce5
commit 4c2f899
Show file tree

Hide file tree

Showing 15 changed files with 96 additions and 75 deletions.
diff --git a/Messaging.md b/Messaging.md
@@ -0,0 +1,83 @@
+# Messaging In Serveros
+
+## Consumer to Master, "Auth Request"
+
+     {
+        requester:              //My ID
+        , requested:            //Provider ID
+        , nonce:                //Random Bullshit
+        , ts:                   //What time is it?  Millis
+        , hash:                 //Hash used to sign the request
+        , supportedHashes:      //Hashes I can use
+        , supportedCiphers:     //Ciphers I can use
+    }
+
+## Master to Provider, via Consumer, "Auth Ticket"
+
+    {
+        requester:               //Consumer ID
+        , requested:             //Provider ID
+        , serverNonce:           //New Nonce
+        , requesterNonce:        //Nonce from Auth Request
+        , id:                    //64Bytes of entropy
+        , secret:                //64 more bytes of entryop
+        , oneTimeCredentials: {
+            key:                 //A key of the appropriate size
+            , iv:                //An initial Vector of the appropriate Size   
+            , cipher:            //A Cipher supported by Consumer And Provider
+            , hash:              //A Hash algo supported by Consumer and Provider
+        }
+        , hash:                  //Hash used to sign this request.
+        , ts:                    //timestamp 
+        , expires:               //When these credentials expire
+        , authData:              //Arbitrary
+    }
+
+## Master to Consumer, "Auth Response"
+
+
+    {
+        requester:               //Consumer ID
+        , requested:             //Provider ID
+        , serverNonce:           //Nonce from Auth Ticket
+        , requesterNonce:        //Nonce from Auth Request
+        , id:                    //ID from Auth Ticket
+        , secret:                //Secret from Auth Ticket
+        , oneTimeCredentials: {  //Same Credentials as Auth Ticket
+            key:
+            , iv:
+            , cipher:
+            , hash:
+        }
+        , hash:                  //Hash used to sign this request.
+        , ts:                    //timestamp 
+        , expires:               //When these credentials expire
+        , ticket:                //The encrypted, signed Auth Ticket
+    };
+
+## Consumer to Provider, "Ticket Presentation"
+    {
+        "id": ID Object, Enciphered with Key and IV from server.
+        , "ticket":  The Encrypted, Signed Auth Ticket
+    }
+
+### ID Object
+
+    {
+        id:                 //My ID
+        , serverNonce:      //Nonce from Auth Response
+        , requesterNonce:   //Nonce from Auth Request
+        , finalNonce:       //New Nonce
+        , iv:               //New IV 
+        , ts:               //New Time Stamp
+    }
+
+## Provider to Consumer, "Acknowledgement"
+
+    {
+        serverNonce:        //Nonce from Auth Ticket
+        , requesterNonce:   //Nonce from Auth Request
+        , finalNonce:       //Nonce from ID Object
+        , ts:               //New Timestamp
+    }
+
diff --git a/demo/keys/master.bk b/demo/keys/master.bk
diff --git a/demo/keys/master.pem.bk b/demo/keys/master.pem.bk
diff --git a/demo/keys/master.pem8.bk b/demo/keys/master.pem8.bk
diff --git a/demo/keys/master.pub.bk b/demo/keys/master.pub.bk
diff --git a/demo/keys/serverA.bk b/demo/keys/serverA.bk
diff --git a/demo/keys/serverA.pem.bk b/demo/keys/serverA.pem.bk
diff --git a/demo/keys/serverA.pub.bk b/demo/keys/serverA.pub.bk
diff --git a/demo/keys/serverB.bk b/demo/keys/serverB.bk
diff --git a/demo/keys/serverB.pem.bk b/demo/keys/serverB.pem.bk
diff --git a/demo/keys/serverB.pub.bk b/demo/keys/serverB.pub.bk
diff --git a/src/classes/Encrypter.js b/src/classes/Encrypter.js
@@ -199,6 +199,7 @@ Encrypter.prototype = {
      *  
      *  @param {Buffer|String} ciphertext Either a buffer with cipher bytes, or a base64 encoded string.
      *  @param {Buffer|String} key Either a buffer with key bytes, or a base64 encoded string.
+     *  @param {Buffer|String} IV Either a buffer with IV bytes, or a base64 encoded string.
      *  @param {Buffer|String} algorithm The cipher algorithm to use while deciphering.
      *  @param {Serveros.Encrypter~decipherCallback} callback A callback for the eventual error or plaintext.
      */
@@ -298,9 +299,9 @@ Encrypter.prototype = {
     },
 
     /**
-     *  Encipher the data in question (via JSON Encoded String) with a one-time 256bit key, then 
-     *  encrypt the key with the provided RSA key.  The two ciphertexts are then base64 encoded 
-     *  and joined with a delimeter to provide the Encrypted Text.
+     *  Encipher the data in question (via JSON Encoded String) with a one-time key/IV, then 
+     *  encrypt the key/IV with the provided RSA key.  The two ciphertexts are then base64 encoded 
+     *  and joined with a delimiter to provide the Encrypted Text.
      *  
      *  @param {Buffer|String} rsaKey A PEM Encoded RSA Key (Public Key)
      *  @param {Buffer|String} message Either a buffer with plaintext bytes, or a utf8 encoded string.

diff --git a/src/classes/ServerosConsumer.js b/src/classes/ServerosConsumer.js
@@ -125,7 +125,7 @@ ServerosConsumer.prototype.requestTicket = function(requested, callback) {
                     that.idecryptAndVerify(body, function(err, decrypted) {
                         if (err)
                             callback(err);
-                        else if(decrypted.requestNonce == authRequest.nonce)
+                        else if(decrypted.requesterNonce != authRequest.nonce) 
                             callback(new AuthError.NonceError());
                         else if(that.isStale(decrypted.ts))
                             callback(new AuthError.StaleError());

diff --git a/src/classes/ServerosMaster.js b/src/classes/ServerosMaster.js
@@ -280,7 +280,8 @@ ServerosMaster.prototype.addAuthenticationEndpoint = function(application) {
             if (err) {
                 res.status(err.statusCode).json(err.prepResponseBody());
                 console.error(err.prepResponseBody());
-                console.error(err.err && err.err.stack);
+                if (err.err)
+                    console.error(err.err.stack);
             } else 
                 res.json(response);
         });

diff --git a/src/classes/ServerosServiceProvider.js b/src/classes/ServerosServiceProvider.js
@@ -100,7 +100,6 @@ ServerosServiceProvider.prototype.validate = function(greeting, callback) {
                         , authData: ticket.authData
                         , requester: ticket.requester
                         , hash: ticket.hash
-                        , cipher: ticket.cipher
                         , expires: ticket.expires
                         , oneTimeCredentials: ticket.oneTimeCredentials
                         , nonces: {
@@ -128,6 +127,9 @@ ServerosServiceProvider.prototype.expressValidator = function(onSuccessfulGreeti
         that.validate(greeting, function(err, authorized) {
             if (err) {
                 res.status(err.statusCode).json(err.prepResponseBody());
+                console.error(err.prepResponseBody());
+                if (err.err)
+                    console.error(err.err.stack);
             } else {
                 try {
 
@@ -147,6 +149,9 @@ ServerosServiceProvider.prototype.expressValidator = function(onSuccessfulGreeti
                     }, authorized.oneTimeCredentials.key, authorized.nonces.iv, authorized.oneTimeCredentials.cipher, function(err, ciphertext) {
                         if (err) {
                             res.status(err.statusCode).json(err.prepResponseBody());
+                            console.error(err.prepResponseBody());
+                            if (err.err)
+                                console.error(err.err.stack);
                         }
                         res.json({message:ciphertext});
                     });