include salt in encrypted bundle from client on reset
This commit is contained in:
Zachary Carter
Родитель
337109a260
Коммит
f163fa8caa
|
|
@ -287,53 +287,10 @@ function getResetToken(uid, len, cb) {
|
|||
});
|
||||
}
|
||||
|
||||
// Takes an accountToken and creates a new resetToken
|
||||
exports.getResetToken = function(accountToken, cb) {
|
||||
var accountKey = accountToken + '/accountToken';
|
||||
var uid, resetToken;
|
||||
|
||||
async.waterfall([
|
||||
// Check that the accountToken exists
|
||||
// and get the associated user id
|
||||
function(cb) {
|
||||
kv.cache.get(accountKey, function(err, account) {
|
||||
if (err) return cb(err);
|
||||
if (!account) return cb(notFound('UknownAccountToken'));
|
||||
cb(null, account.value.uid);
|
||||
});
|
||||
},
|
||||
// get new resetToken
|
||||
function(id, cb) {
|
||||
uid = id;
|
||||
util.getResetToken(cb);
|
||||
},
|
||||
function(token, cb) {
|
||||
resetToken = token;
|
||||
addResetToken(uid, token, cb);
|
||||
},
|
||||
// delete account token from user's list
|
||||
function(cb) {
|
||||
updateUserData(uid, function(userDoc) {
|
||||
delete userDoc.value.accountTokens[accountToken];
|
||||
return userDoc;
|
||||
}, cb);
|
||||
},
|
||||
// delete accountToken record
|
||||
function(cb) {
|
||||
kv.cache.delete(accountToken + '/accountToken', cb);
|
||||
},
|
||||
function(cb) {
|
||||
cb(null, { resetToken: resetToken });
|
||||
}
|
||||
], cb);
|
||||
};
|
||||
|
||||
exports.resetAccount = function(resetToken, bundle, cb) {
|
||||
var cyphertext = Buffer(bundle, 'hex');
|
||||
var userId, user, data;
|
||||
|
||||
console.log('cypher!!!', cyphertext.toString('hex'));
|
||||
|
||||
async.waterfall([
|
||||
// Check that the resetToken exists
|
||||
// and get the associated user id
|
||||
|
|
@ -359,28 +316,24 @@ exports.resetAccount = function(resetToken, bundle, cb) {
|
|||
.xor(bigint.fromBuffer(keys.respXORkey))
|
||||
.toBuffer();
|
||||
|
||||
console.log('ver!!!', cleartext.slice(64).toString('hex'));
|
||||
|
||||
data = {
|
||||
kA: cleartext.slice(0, 32).toString('hex'),
|
||||
wrapKb: cleartext.slice(32, 64).toString('hex'),
|
||||
verifier: cleartext.slice(64).toString('hex')
|
||||
salt: cleartext.slice(64, 96).toString('hex'),
|
||||
verifier: cleartext.slice(96).toString('hex')
|
||||
};
|
||||
console.log('data', data);
|
||||
next();
|
||||
},
|
||||
// delete all accountTokens, signTokens, and resetTokens
|
||||
function(next) {
|
||||
console.log('deleting!!');
|
||||
deleteAllTokens(userId, next);
|
||||
},
|
||||
// create user account
|
||||
function(next) {
|
||||
console.log('creating new!!');
|
||||
kv.store.set(userId + '/user', {
|
||||
email: user.email, // shouldn't be needed once we reintroduce principles
|
||||
params: user.params,
|
||||
salt: user.salt,
|
||||
salt: data.salt,
|
||||
verifier: data.verifier,
|
||||
kA: data.kA,
|
||||
wrapKb: data.wrapKb,
|
||||
|
|
|
|||
|
|
@ -82,7 +82,6 @@ function signCertKeys(signToken, cb) {
|
|||
// Derive a tokenId, a reqHMACkey, and a respXORkey from the resetToken
|
||||
function resetKeys(resetToken, payloadLength, cb) {
|
||||
var length = 2 * 32 + payloadLength;
|
||||
console.log('len????', length, payloadLength);
|
||||
|
||||
hkdf(resetToken, 'resetAccount', null, length, function (key) {
|
||||
cb(null, {
|
||||
|
|
|
|||
|
|
@ -267,8 +267,6 @@ function finishResetToken(request) { return getToken2('reset', request); }
|
|||
|
||||
|
||||
function resetAccount(request) {
|
||||
console.log('??', request.auth);
|
||||
console.log('??', request.payload);
|
||||
account.resetAccount(
|
||||
request.auth.credentials.token,
|
||||
request.payload.bundle,
|
||||
|
|
|
|||
|
|
@ -150,6 +150,7 @@ TestClient.prototype.createSRP = function (email, password, kB, cb) {
|
|||
var alg = 'sha256';
|
||||
var salt = crypto.randomBytes(32);
|
||||
var verifier = srp.getv(salt, email, password, srpParams['2048'].N, srpParams['2048'].g, alg);
|
||||
|
||||
this.makeRequest(
|
||||
'POST',
|
||||
'/create',
|
||||
|
|
@ -329,8 +330,7 @@ TestClient.prototype.resetAccount = function (resetToken, email, password, kA, k
|
|||
var alg = 'sha256';
|
||||
var salt = crypto.randomBytes(32);
|
||||
var verifier = srp.getv(salt, email, password, srpParams['2048'].N, srpParams['2048'].g, alg);
|
||||
console.log('ver??', verifier.toString(16));
|
||||
var cleartext = Buffer.concat([Buffer(kA, 'hex'), Buffer(kB, 'hex'), verifier.toBuffer()]);
|
||||
var cleartext = Buffer.concat([Buffer(kA, 'hex'), Buffer(kB, 'hex'), salt, verifier.toBuffer()]);
|
||||
|
||||
util.resetKeys(
|
||||
Buffer(resetToken, 'hex'),
|
||||
|
|
|
|||
|
|
@ -249,9 +249,10 @@ describe('user', function() {
|
|||
});
|
||||
|
||||
it('should finish reset token', function (done) {
|
||||
testClient.finishResetToken(session, TEST_EMAIL, TEST_PASSWORD, function (err, b) {
|
||||
testClient.finishResetToken(session, TEST_EMAIL, TEST_PASSWORD, function (err, keys) {
|
||||
try {
|
||||
assert.ok(b.kA);
|
||||
assert(!err);
|
||||
assert.equal(TEST_WRAPKB, keys.wrapKb);
|
||||
} catch (e) {
|
||||
return done(e);
|
||||
}
|
||||
|
|
@ -343,7 +344,6 @@ describe('user', function() {
|
|||
it('should login using SRP with new verifier', function (done) {
|
||||
testClient.loginSRP(TEST_EMAIL, TEST_PASSWORD_NEW, function (err, keys) {
|
||||
try {
|
||||
console.log(err, keys);
|
||||
assert(!err);
|
||||
assert.equal(TEST_WRAPKB_NEW, keys.wrapKb);
|
||||
} catch (e) {
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче