+ Started ThreatModel.md

* Switched from uuids to the system random device
2022-12-31 00:34:03 -06:00 · 2022-12-31 00:34:03 -06:00 · 46de195bf8
commit 46de195bf8
parent 0779f734da
8 changed files with 35 additions and 28 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,5 @@
 docs/*
+bin/*
 *.go
 !smartkeyboard/auth/*_test.go
 go.mod
--- a/Dependencies.md
+++ b/Dependencies.md
@ -3,15 +3,6 @@
 This project has the following dependencies, excluding the Go standard library:


-# uuid
-
-We use uuidv4s to generate authentication tokens
-
--- uuid import string
-
-    "github.com/google/uuid"
-
---

 # xdg

--- a/10
+++ b/10
@ -1,13 +1,19 @@
 weave:
-	srcweave --formatter srcweave-format --weave docs/ ReadMe.md security/Authentication.md EnvironmentVariables.md Dependencies.md Server.md
+	srcweave --formatter srcweave-format --weave docs/ ReadMe.md security/Authentication.md EnvironmentVariables.md Dependencies.md Server.md Streaming.md
 tangle:
-	srcweave --formatter srcweave-format --tangle smartkeyboard/ ReadMe.md security/Authentication.md EnvironmentVariables.md Dependencies.md Server.md
+	srcweave --formatter srcweave-format --tangle smartkeyboard/ ReadMe.md security/Authentication.md EnvironmentVariables.md Dependencies.md Server.md Streaming.md
 clean:
 	rm -rf docs
 	find smartkeyboard/ -type f -not -name "*_test.go" -delete
 	rm go.mod
 	rm go.sum

+build: tangle
+	- cd smartkeyboard && go mod init keyboard.voidnet.tech
+	- cd smartkeyboard && go mod tidy
+	- cd smartkeyboard && go build -o ../bin/keyboard
+
+
 test: tangle
 	-cd smartkeyboard && go mod init keyboard.voidnet.tech
 	-cd smartkeyboard && go mod tidy
--- a/ReadMe.md
+++ b/ReadMe.md
@ -60,7 +60,8 @@ Then we can start the web server and listen for websocket connections.
 --- entrypoint

    func main(){
-        auth.ProvisionToken()
+        tokenBase64, _ := auth.ProvisionToken()
+        fmt.Println(tokenBase64)
        server.StartServer()
    }

@ -71,6 +72,7 @@ Then we can start the web server and listen for websocket connections.
    package main

    import(
+        "fmt"
        "keyboard.voidnet.tech/server"
        "keyboard.voidnet.tech/auth"
    )
--- a/Server.md
+++ b/Server.md
@ -42,7 +42,7 @@ func StartServer() {
    @{create listener}
 	
    http.HandleFunc("/sendkeys", clientConnected)
-	http.HandleFunc("/activewindow", )
+	//http.HandleFunc("/activewindow", )
    http.Serve(listener, nil)


@ -70,8 +70,8 @@ var listener net.Listener

 var upgrader = websocket.Upgrader{} // use default options

-
-@{start http server}
@{streaming keyboard input}
+@{start http server}
+
 ---
 ```
--- a/ThreatModel.md
+++ b/ThreatModel.md
@ -0,0 +1 @@
+# GoSmartKeyboard Threat Model
--- a/security/Authentication.md
+++ b/security/Authentication.md
@ -12,10 +12,13 @@ KDF.

 ``` go
 --- token generation
-authToken = uuid.New().String() + uuid.New().String()
-hashedID := sha3.Sum256([]byte(authToken))
+authToken := [32]byte{}
+rand.Read(authToken[:])

-fmt.Println("This is your authentication token, it will only be shown once: " + authToken)
+authTokenString := base64.StdEncoding.EncodeToString(authToken[:])
+hashedID := sha3.Sum256(authToken[:])
+
+fmt.Println("This is your authentication token, it will only be shown once: " + authTokenString)
 ---
 ```

@ -53,7 +56,8 @@ We use a constant time comparison to avoid timing attacks.
 func CheckAuthToken(token string) error {
    @{define authentication token file}
    // compare sha3_256 hash to hash in file
-    hashedToken := sha3.Sum256([]byte(token))
+    tokenBytes, err := base64.StdEncoding.DecodeString(token)
+    hashedToken := sha3.Sum256(tokenBytes)
    storedToken, err := os.ReadFile(authTokenFile)
    if err != nil {
        return err
@ -66,11 +70,11 @@ func CheckAuthToken(token string) error {
 ---

 --- provision token function
-func ProvisionToken() (error){
+func ProvisionToken() (base64Token string, failed error){
    @{define authentication token file}

    if _, err := os.Stat(authTokenFile); err == nil {
-        return nil
+        return "", nil
    }

    @{token generation}
@ -83,7 +87,7 @@ func ProvisionToken() (error){
        panic(err)
    }
    fo.Write(hashedID[:])
-    return nil
+    return base64Token, nil
 }
 ---

@ -102,13 +106,14 @@ import(
    "path/filepath"
    "fmt"
    "errors"
+    "encoding/base64"
+    "crypto/rand"
    "crypto/subtle"
@{sha3 import string}
-@{uuid import string}
@{xdg import string}
 )

-var authToken = ""
+//var authToken = ""

@{provision token function}

--- a/smartkeyboard/auth/auth_test.go
+++ b/smartkeyboard/auth/auth_test.go
@ -1,6 +1,7 @@
 package auth

 import (
+	"encoding/base64"
 	"golang.org/x/crypto/sha3"
 	"os"
 	"testing"
@ -14,7 +15,7 @@ func TestAuthPasswordHashBad(t *testing.T) {

 	password := "wrong password"

-	result := checkAuthToken(password)
+	result := CheckAuthToken(password)
 	if result == nil {
 		t.Errorf("Expected error, got nil")
 	}
@ -29,7 +30,7 @@ func TestAuthPasswordEmpty(t *testing.T) {

 	password := ""

-	result := checkAuthToken(password)
+	result := CheckAuthToken(password)
 	if result == nil {
 		t.Errorf("Expected error, got nil")
 	}
@ -48,9 +49,9 @@ func TestAuthPasswordHashGood(t *testing.T) {
 	fo.Write(expectedHash[:])
 	t.Log("TestAuthPasswordHash")

-	password := "password"
+	password := base64.StdEncoding.EncodeToString([]byte("password"))

-	result := checkAuthToken(password)
+	result := CheckAuthToken(password)
 	if result != nil {
 		t.Errorf("Expected nil, got error")
 	}