+ Started ThreatModel.md

* Switched from uuids to the system random device
2022-12-31 00:34:03 -06:00 · 2022-12-31 00:34:03 -06:00 · 46de195bf8
commit 46de195bf8
parent 0779f734da
8 changed files with 35 additions and 28 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,5 @@
 docs/*
 bin/*
 *.go
 !smartkeyboard/auth/*_test.go
 go.mod
--- a/Dependencies.md
+++ b/Dependencies.md
@ -3,15 +3,6 @@
 This project has the following dependencies, excluding the Go standard library:
 # uuid
 We use uuidv4s to generate authentication tokens
 --- uuid import string
    "github.com/google/uuid"
 ---
 # xdg
--- a/10
+++ b/10
@ -1,13 +1,19 @@
 weave:
-	srcweave --formatter srcweave-format --weave docs/ ReadMe.md security/Authentication.md EnvironmentVariables.md Dependencies.md Server.md
+	srcweave --formatter srcweave-format --weave docs/ ReadMe.md security/Authentication.md EnvironmentVariables.md Dependencies.md Server.md Streaming.md
 tangle:
-	srcweave --formatter srcweave-format --tangle smartkeyboard/ ReadMe.md security/Authentication.md EnvironmentVariables.md Dependencies.md Server.md
+	srcweave --formatter srcweave-format --tangle smartkeyboard/ ReadMe.md security/Authentication.md EnvironmentVariables.md Dependencies.md Server.md Streaming.md
 clean:
 	rm -rf docs
 	find smartkeyboard/ -type f -not -name "*_test.go" -delete
 	rm go.mod
 	rm go.sum
 build: tangle
 	- cd smartkeyboard && go mod init keyboard.voidnet.tech
 	- cd smartkeyboard && go mod tidy
 	- cd smartkeyboard && go build -o ../bin/keyboard
 test: tangle
 	-cd smartkeyboard && go mod init keyboard.voidnet.tech
 	-cd smartkeyboard && go mod tidy
--- a/ReadMe.md
+++ b/ReadMe.md
@ -60,7 +60,8 @@ Then we can start the web server and listen for websocket connections.
 --- entrypoint
    func main(){
-        auth.ProvisionToken()
+        tokenBase64, _ := auth.ProvisionToken()
        fmt.Println(tokenBase64)
        server.StartServer()
    }
@ -71,6 +72,7 @@ Then we can start the web server and listen for websocket connections.
    package main
    import(
        "fmt"
        "keyboard.voidnet.tech/server"
        "keyboard.voidnet.tech/auth"
    )
--- a/Server.md
+++ b/Server.md
@ -42,7 +42,7 @@ func StartServer() {
    @{create listener}
    http.HandleFunc("/sendkeys", clientConnected)
-	http.HandleFunc("/activewindow", )
+	//http.HandleFunc("/activewindow", )
    http.Serve(listener, nil)
@ -70,8 +70,8 @@ var listener net.Listener
 var upgrader = websocket.Upgrader{} // use default options
@{start http server}
@{streaming keyboard input}
@{start http server}
 ---
 ```
--- a/ThreatModel.md
+++ b/ThreatModel.md
@ -0,0 +1 @@
 # GoSmartKeyboard Threat Model
--- a/security/Authentication.md
+++ b/security/Authentication.md
@ -12,10 +12,13 @@ KDF.
 ``` go
 --- token generation
-authToken = uuid.New().String() + uuid.New().String()
+authToken := [32]byte{}
-hashedID := sha3.Sum256([]byte(authToken))
+rand.Read(authToken[:])
-fmt.Println("This is your authentication token, it will only be shown once: " + authToken)
+authTokenString := base64.StdEncoding.EncodeToString(authToken[:])
 hashedID := sha3.Sum256(authToken[:])
 fmt.Println("This is your authentication token, it will only be shown once: " + authTokenString)
 ---
 ```
@ -53,7 +56,8 @@ We use a constant time comparison to avoid timing attacks.
 func CheckAuthToken(token string) error {
    @{define authentication token file}
    // compare sha3_256 hash to hash in file
-    hashedToken := sha3.Sum256([]byte(token))
+    tokenBytes, err := base64.StdEncoding.DecodeString(token)
    hashedToken := sha3.Sum256(tokenBytes)
    storedToken, err := os.ReadFile(authTokenFile)
    if err != nil {
        return err
@ -66,11 +70,11 @@ func CheckAuthToken(token string) error {
 ---
 --- provision token function
-func ProvisionToken() (error){
+func ProvisionToken() (base64Token string, failed error){
    @{define authentication token file}
    if _, err := os.Stat(authTokenFile); err == nil {
-        return nil
+        return "", nil
    }
    @{token generation}
@ -83,7 +87,7 @@ func ProvisionToken() (error){
        panic(err)
    }
    fo.Write(hashedID[:])
-    return nil
+    return base64Token, nil
 }
 ---
@ -102,13 +106,14 @@ import(
    "path/filepath"
    "fmt"
    "errors"
    "encoding/base64"
    "crypto/rand"
    "crypto/subtle"
@{sha3 import string}
@{uuid import string}
@{xdg import string}
 )
-var authToken = ""
+//var authToken = ""
@{provision token function}
--- a/smartkeyboard/auth/auth_test.go
+++ b/smartkeyboard/auth/auth_test.go
@ -1,6 +1,7 @@
 package auth
 import (
 	"encoding/base64"
 	"golang.org/x/crypto/sha3"
 	"os"
 	"testing"
@ -14,7 +15,7 @@ func TestAuthPasswordHashBad(t *testing.T) {
 	password := "wrong password"
-	result := checkAuthToken(password)
+	result := CheckAuthToken(password)
 	if result == nil {
 		t.Errorf("Expected error, got nil")
 	}
@ -29,7 +30,7 @@ func TestAuthPasswordEmpty(t *testing.T) {
 	password := ""
-	result := checkAuthToken(password)
+	result := CheckAuthToken(password)
 	if result == nil {
 		t.Errorf("Expected error, got nil")
 	}
@ -48,9 +49,9 @@ func TestAuthPasswordHashGood(t *testing.T) {
 	fo.Write(expectedHash[:])
 	t.Log("TestAuthPasswordHash")
-	password := "password"
+	password := base64.StdEncoding.EncodeToString([]byte("password"))
-	result := checkAuthToken(password)
+	result := CheckAuthToken(password)
 	if result != nil {
 		t.Errorf("Expected nil, got error")
 	}