diff --git a/Messaging.md b/Messaging.md
new file mode 100644
index 0000000..e2ead42
--- /dev/null
+++ b/Messaging.md
@@ -0,0 +1,83 @@
+# Messaging In Serveros
+
+## Consumer to Master, "Auth Request"
+
+ {
+ requester: //My ID
+ , requested: //Provider ID
+ , nonce: //Random Bullshit
+ , ts: //What time is it? Millis
+ , hash: //Hash used to sign the request
+ , supportedHashes: //Hashes I can use
+ , supportedCiphers: //Ciphers I can use
+ }
+
+## Master to Provider, via Consumer, "Auth Ticket"
+
+ {
+ requester: //Consumer ID
+ , requested: //Provider ID
+ , serverNonce: //New Nonce
+ , requesterNonce: //Nonce from Auth Request
+ , id: //64Bytes of entropy
+ , secret: //64 more bytes of entryop
+ , oneTimeCredentials: {
+ key: //A key of the appropriate size
+ , iv: //An initial Vector of the appropriate Size
+ , cipher: //A Cipher supported by Consumer And Provider
+ , hash: //A Hash algo supported by Consumer and Provider
+ }
+ , hash: //Hash used to sign this request.
+ , ts: //timestamp
+ , expires: //When these credentials expire
+ , authData: //Arbitrary
+ }
+
+## Master to Consumer, "Auth Response"
+
+
+ {
+ requester: //Consumer ID
+ , requested: //Provider ID
+ , serverNonce: //Nonce from Auth Ticket
+ , requesterNonce: //Nonce from Auth Request
+ , id: //ID from Auth Ticket
+ , secret: //Secret from Auth Ticket
+ , oneTimeCredentials: { //Same Credentials as Auth Ticket
+ key:
+ , iv:
+ , cipher:
+ , hash:
+ }
+ , hash: //Hash used to sign this request.
+ , ts: //timestamp
+ , expires: //When these credentials expire
+ , ticket: //The encrypted, signed Auth Ticket
+ };
+
+## Consumer to Provider, "Ticket Presentation"
+ {
+ "id": ID Object, Enciphered with Key and IV from server.
+ , "ticket": The Encrypted, Signed Auth Ticket + } + +### ID Object + + { + id: //My ID + , serverNonce: //Nonce from Auth Response + , requesterNonce: //Nonce from Auth Request + , finalNonce: //New Nonce + , iv: //New IV + , ts: //New Time Stamp + } + +## Provider to Consumer, "Acknowledgement" + + { + serverNonce: //Nonce from Auth Ticket + , requesterNonce: //Nonce from Auth Request + , finalNonce: //Nonce from ID Object + , ts: //New Timestamp + } + diff --git a/demo/keys/master.bk b/demo/keys/master.bk deleted file mode 100644 index 866f42f..0000000 --- a/demo/keys/master.bk +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQCt3ylt2/v8wjMobdw+pNJ1y/AtlbauU0F9xH5cKBz0shfI5nLd -tam4xcpVXzHph+f53j9sVmOxEsfmiiVMi9q70oMGckQmKoYF2M17hN+f0nu2j3w+ -O/NxJErjiTmf8OPggEw9mIMKRV9RDPnAINjyY4rSPGXBBETmd0/JgJnkywIDAQAB -AoGAXUfUmjPjRP+LIq2N863Jm5kGCe7AS1YvVKIOiLKclkrVp9q61WeY3qB+pL6l -sHxRYCR0MlNGuMEyreR/jkmZ1zfqegLh2MWt2LTP0repq/rnrLCWUCGFLqJ4XS1J -S+WL+muZpfgyI3wUOWao478lRCPyLNcZSnHLV4ddYIXwPsECQQDY412VpGfDtW5T -uHoM3tRnUuHxM1KR53SO0/DQNaa35xoKMB+zj0x5XJua8auw5jCFmpH9Ub1ehvZz -xSE3v7yNAkEAzTnxzrueMaT50rkJGl3ZMKbh1rSOwofSH6LepO5a2s0g7HCuc9Vs -9i8rnBHn/mpf8Xa9aX8QFwzph1I3QmGMtwJBANWHc3mCNQ5/LzGJq8/ECgX3ma6o -QqCW6TA9BRdX2t2vzvk8y9kyOa46OJBhYhF1b0v6E8T8lp3b7gOojr2eLXkCQQCq -9kFlCdCv5JIlI/XcXB/pMqxiEwn2LfUyW5iD5vgS2904emopnrrlnsgCfLw5qd4B -JfyGXM5HlX8ZNrlH+EGjAkABbwrGs/oAd0vbj7Zip28UuxtF0SA18t/ULmFkunY1 -mN8cWLoUDNhvoz40tXlw1MWDMvIqV/hmvMekN4yU9EEJ ------END RSA PRIVATE KEY----- diff --git a/demo/keys/master.pem.bk b/demo/keys/master.pem.bk deleted file mode 100644 index 5d2d2ef..0000000 --- a/demo/keys/master.pem.bk +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN RSA PUBLIC KEY----- -MIGJAoGBAK3fKW3b+/zCMyht3D6k0nXL8C2Vtq5TQX3EflwoHPSyF8jmct21qbjF -ylVfMemH5/neP2xWY7ESx+aKJUyL2rvSgwZyRCYqhgXYzXuE35/Se7aPfD4783Ek -SuOJOZ/w4+CATD2YgwpFX1EM+cAg2PJjitI8ZcEEROZ3T8mAmeTLAgMBAAE= ------END RSA PUBLIC KEY----- 
diff --git a/demo/keys/master.pem8.bk b/demo/keys/master.pem8.bk
deleted file mode 100644
index 0a26d8e..0000000
--- a/demo/keys/master.pem8.bk
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt3ylt2/v8wjMobdw+pNJ1y/At
-lbauU0F9xH5cKBz0shfI5nLdtam4xcpVXzHph+f53j9sVmOxEsfmiiVMi9q70oMG
-ckQmKoYF2M17hN+f0nu2j3w+O/NxJErjiTmf8OPggEw9mIMKRV9RDPnAINjyY4rS
-PGXBBETmd0/JgJnkywIDAQAB
------END PUBLIC KEY-----
diff --git a/demo/keys/master.pub.bk b/demo/keys/master.pub.bk
deleted file mode 100644
index ca5b736..0000000
--- a/demo/keys/master.pub.bk
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCt3ylt2/v8wjMobdw+pNJ1y/AtlbauU0F9xH5cKBz0shfI5nLdtam4xcpVXzHph+f53j9sVmOxEsfmiiVMi9q70oMGckQmKoYF2M17hN+f0nu2j3w+O/NxJErjiTmf8OPggEw9mIMKRV9RDPnAINjyY4rSPGXBBETmd0/JgJnkyw== frank@data
diff --git a/demo/keys/serverA.bk b/demo/keys/serverA.bk
deleted file mode 100644
index 49b5ef2..0000000
--- a/demo/keys/serverA.bk
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDI/1GxjIHxEbg11W4N3D8wbCuHqN0JfRF4tKsOmrS2scTF2zkX
-rYsqy9RmjaNiwxkrRrJjMccIv1IibHIl54jxOECT2swN34EMDPUuHEcznVWISOwH
-LyrKhpLcsyEslJDpjk3rg6fTdFXy+NoS+QxaP4rTYwdqvNIYskfrFakU0wIDAQAB
-AoGADp3ytPTA5mUhfli9HijsN3tGVyFCodQEl0CcR/2cMsUOyEy/BCfMvRoBokue
-nCoQBIOpqWkPTmWLdZFpY7RI0xECfxFLDwDOitUeOQWMtRUiOFIyr1wB85aC6kbl
-6xU6SJHMrmtQPYCLX8JfptPW0GH+mwEvOZmWbCaohzpm+lECQQDnNTpTIRExJedn
-FuFF+tq5qHfNoXys4uLHuo0BiJVjv//nNPEdjf12NtPHY4CA07AfilKGQTOKnUps
-ImnumHY3AkEA3ozLvJ958utUlDGMjcyU8y7dwNmojSsHaWm5151tBHuExhOz0bU9
-Zz8C9AvU/qHug1HFvBqckGtJHPcaFFyIRQJAdZ3bRMyujT0GAahfAxWAzS+Jen7r
-CJwG16nr71rG/E6A5OJGwk0oIknz5BuXFHIbx3+7SXbDvIEVifrbvreqcwJAchMn
-h7sTLmJUS1YOnsyj+Pcn8edfz2Sj+vOXsB7gt7B8wW9t9+t32wlggSnjdtYYRTXQ
-LnhRknF7254JvzAjJQJBANNjiwC7PBiqvNrakuk+lDv2t5qayrHXqWoOybzVEUK/
-rIYiHMQTZaXupvZRAXQEB0jDZMVH98hFWjpq++EBQjw=
------END RSA PRIVATE KEY-----
diff --git a/demo/keys/serverA.pem.bk b/demo/keys/serverA.pem.bk
deleted file mode 100644
index 9e1eade..0000000
--- a/demo/keys/serverA.pem.bk
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN RSA PUBLIC KEY-----
-MIGJAoGBAMj/UbGMgfERuDXVbg3cPzBsK4eo3Ql9EXi0qw6atLaxxMXbORetiyrL
-1GaNo2LDGStGsmMxxwi/UiJsciXniPE4QJPazA3fgQwM9S4cRzOdVYhI7AcvKsqG
-ktyzISyUkOmOTeuDp9N0VfL42hL5DFo/itNjB2q80hiyR+sVqRTTAgMBAAE=
------END RSA PUBLIC KEY-----
diff --git a/demo/keys/serverA.pub.bk b/demo/keys/serverA.pub.bk
deleted file mode 100644
index 3dd2071..0000000
--- a/demo/keys/serverA.pub.bk
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDI/1GxjIHxEbg11W4N3D8wbCuHqN0JfRF4tKsOmrS2scTF2zkXrYsqy9RmjaNiwxkrRrJjMccIv1IibHIl54jxOECT2swN34EMDPUuHEcznVWISOwHLyrKhpLcsyEslJDpjk3rg6fTdFXy+NoS+QxaP4rTYwdqvNIYskfrFakU0w== frank@data
diff --git a/demo/keys/serverB.bk b/demo/keys/serverB.bk
deleted file mode 100644
index e68847e..0000000
--- a/demo/keys/serverB.bk
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQCwHexbyf80JWLf6RYGlE+Z4YDd0uLIIOBtQ4A7pq/FZK9fuMeh
-C+BERci52OqEaErKkmZ2FQdnTmFz1vv53Bnwbnx3MGTUA62DWk2C3/INtDSbsqE6
-v8E4OyUoDZibbKibVLjy2ghMtXHjjZi6WDlnwJVeE4LexrVmBsPG/NYp6wIDAQAB
-AoGAe2tM4vpIvNtiUfW/OLcgnX75VvpdcNARVqDSMXtbfGJVwCf2xfZToKSiyRKp
-LkcD+rfj0+ZivNOh2ZMUHAJRrhDIu/8IpWN7EA49/fw/VOlodIeSVYfD6d91UDPi
-iFb+AUv2JMLcPZCatXotssfhnJPTUbUTt400nH6mBEp2XuECQQDluKC1P8DhBBVj
-IHBl59PpsyzL6beLGNaD3fgX09pb47sV9bDdff1Vrmkl6ds235eF8g2mQRzxXXH7
-3nJvvgRRAkEAxEN/CVMO9ELE3+dx/hZ1vdVt2mj6nkikw6bF9PvuOUBlRTcMoD6z
-esNIWFB95g6tlAefPeiNSu1yHYKlvBXnewJAME8RTMxpbWiEbuIlgOitwdmyM/ek
-Z5YDlpuZTrl4lBZiA441cX7LRbd12UlCllmS7dInWK0cvw1dqQ/wlNsq4QJACbAX
-PjuWWmJNW4wOKW+sYjF92bEi5dtKHspFrUEeUj8mgJMmEWbm7yFimdFnVYrV8J+r
-sZ+gEdnEr0Y6rh0arwJAHxw3PwBz+31rS9CvZCVsUBZijlsy0jzQPsXtW48eTxwd
-jJZF4a2okgjZQkyq363hIenvqGMWIfrpq1hj6ynsZQ==
------END RSA PRIVATE KEY-----
diff --git a/demo/keys/serverB.pem.bk b/demo/keys/serverB.pem.bk
deleted file mode 100644
index 1e3fd08..0000000
--- a/demo/keys/serverB.pem.bk
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN RSA PUBLIC KEY-----
-MIGJAoGBALAd7FvJ/zQlYt/pFgaUT5nhgN3S4sgg4G1DgDumr8Vkr1+4x6EL4ERF
-yLnY6oRoSsqSZnYVB2dOYXPW+/ncGfBufHcwZNQDrYNaTYLf8g20NJuyoTq/wTg7
-JSgNmJtsqJtUuPLaCEy1ceONmLpYOWfAlV4Tgt7GtWYGw8b81inrAgMBAAE=
------END RSA PUBLIC KEY-----
diff --git a/demo/keys/serverB.pub.bk b/demo/keys/serverB.pub.bk
deleted file mode 100644
index 5c7e699..0000000
--- a/demo/keys/serverB.pub.bk
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCwHexbyf80JWLf6RYGlE+Z4YDd0uLIIOBtQ4A7pq/FZK9fuMehC+BERci52OqEaErKkmZ2FQdnTmFz1vv53Bnwbnx3MGTUA62DWk2C3/INtDSbsqE6v8E4OyUoDZibbKibVLjy2ghMtXHjjZi6WDlnwJVeE4LexrVmBsPG/NYp6w== frank@data
diff --git a/src/classes/Encrypter.js b/src/classes/Encrypter.js
index d54de75..79d2a7c 100644
--- a/src/classes/Encrypter.js
+++ b/src/classes/Encrypter.js
@@ -199,6 +199,7 @@ Encrypter.prototype = {
  *
  * @param {Buffer|String} ciphertext Either a buffer with cipher bytes, or a base64 encoded string.
  * @param {Buffer|String} key Either a buffer with key bytes, or a base64 encoded string.
+ * @param {Buffer|String} IV Either a buffer with IV bytes, or a base64 encoded string.
  * @param {Buffer|String} algorithm The cipher algorithm to use while deciphering.
  * @param {Serveros.Encrypter~decipherCallback} callback A callback for the eventual error or plaintext.
  */
@@ -298,9 +299,9 @@ Encrypter.prototype = { }, /** - * Encipher the data in question (via JSON Encoded String) with a one-time 256bit key, then - * encrypt the key with the provided RSA key. The two ciphertexts are then base64 encoded - * and joined with a delimeter to provide the Encrypted Text. + * Encipher the data in question (via JSON Encoded String) with a one-time key/IV, then + * encrypt the key/IV with the provided RSA key. The two ciphertexts are then base64 encoded + * and joined with a delimiter to provide the Encrypted Text. * * @param {Buffer|String} rsaKey A PEM Encoded RSA Key (Public Key) * @param {Buffer|String} message Either a buffer with plaintext bytes, or a utf8 encoded string. diff --git a/src/classes/ServerosConsumer.js b/src/classes/ServerosConsumer.js index 0f83521..b7c487c 100644 --- a/src/classes/ServerosConsumer.js +++ b/src/classes/ServerosConsumer.js @@ -125,7 +125,7 @@ ServerosConsumer.prototype.requestTicket = function(requested, callback) { that.idecryptAndVerify(body, function(err, decrypted) { if (err) callback(err); - else if(decrypted.requestNonce == authRequest.nonce) + else if(decrypted.requesterNonce != authRequest.nonce) callback(new AuthError.NonceError()); else if(that.isStale(decrypted.ts)) callback(new AuthError.StaleError()); diff --git a/src/classes/ServerosMaster.js b/src/classes/ServerosMaster.js index fadca6c..91c5a30 100644 --- a/src/classes/ServerosMaster.js +++ b/src/classes/ServerosMaster.js @@ -280,7 +280,8 @@ ServerosMaster.prototype.addAuthenticationEndpoint = function(application) { if (err) { res.status(err.statusCode).json(err.prepResponseBody()); console.error(err.prepResponseBody()); - console.error(err.err && err.err.stack); + if (err.err) + console.error(err.err.stack); } else res.json(response); }); diff --git a/src/classes/ServerosServiceProvider.js b/src/classes/ServerosServiceProvider.js index 029023e..35bd15a 100644 --- a/src/classes/ServerosServiceProvider.js 
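Review bot: The corrected nonce comparison in ServerosConsumer.js, `else if(decrypted.requesterNonce != authRequest.nonce)`, uses loose inequality, so a decrypted value that comes back as a different type from the nonce that was sent is coerced before the comparison instead of being rejected outright. For a replay/freshness check the strict form is the safer default and costs nothing: `else if (decrypted.requesterNonce !== authRequest.nonce)`. The enclosing requestTicket body starts and ends outside the hunk.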
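Review bot: The new guard in ServerosMaster.js, `if (err.err)` followed by an unbraced `console.error(err.err.stack);`, does not match the braced `if (err) { … } else …` it sits inside, and the same three lines (`console.error(err.prepResponseBody());`, the guard, and the stack log) are repeated verbatim in both expressValidator hunks of ServerosServiceProvider.js. A small shared helper that takes the error and performs the two console.error calls would keep the three sites in step and give one place to decide how much of an authentication failure's detail is written to the log. Note that err.prepResponseBody() is also the payload returned to the client on the preceding line, so the log entry duplicates the response; if that is intended, a one-line comment saying so would help the next reader. The enclosing addAuthenticationEndpoint body begins and ends outside the hunk.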
+++ b/src/classes/ServerosServiceProvider.js @@ -100,7 +100,6 @@ ServerosServiceProvider.prototype.validate = function(greeting, callback) { , authData: ticket.authData , requester: ticket.requester , hash: ticket.hash - , cipher: ticket.cipher , expires: ticket.expires , oneTimeCredentials: ticket.oneTimeCredentials , nonces: { @@ -128,6 +127,9 @@ ServerosServiceProvider.prototype.expressValidator = function(onSuccessfulGreeti that.validate(greeting, function(err, authorized) { if (err) { res.status(err.statusCode).json(err.prepResponseBody()); + console.error(err.prepResponseBody()); + if (err.err) + console.error(err.err.stack); } else { try { @@ -147,6 +149,9 @@ ServerosServiceProvider.prototype.expressValidator = function(onSuccessfulGreeti }, authorized.oneTimeCredentials.key, authorized.nonces.iv, authorized.oneTimeCredentials.cipher, function(err, ciphertext) { if (err) { res.status(err.statusCode).json(err.prepResponseBody()); + console.error(err.prepResponseBody()); + if (err.err) + console.error(err.err.stack); } res.json({message:ciphertext}); });
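Review bot: In the third hunk (`@@ -147,6 +149,9 @@`), the `if (err) { … }` branch still falls through to `res.json({message:ciphertext});` after `res.status(err.statusCode).json(err.prepResponseBody());` has already answered, so an encryption failure sends two responses and the second write fails once headers are out; the added logging leaves that path as it was. Add `return;` as the last statement of the `if (err) { … }` block, after the new `console.error(err.err.stack);`, or move the success response into an `else`. The enclosing expressValidator callback starts outside the hunk.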