+ Started ThreatModel.md

* Switched from uuids to the system random device
This commit is contained in:
Kevin F 2022-12-31 00:34:03 -06:00
parent 0779f734da
commit 46de195bf8
8 changed files with 35 additions and 28 deletions

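--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 docs/*
+bin/*
 *.go
 !smartkeyboard/auth/*_test.go
 go.mod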


@ -3,15 +3,6 @@
This project has the following dependencies, excluding the Go standard library: This project has the following dependencies, excluding the Go standard library:
# uuid
We use uuidv4s to generate authentication tokens
--- uuid import string
"github.com/google/uuid"
---
# xdg # xdg


@ -1,13 +1,19 @@
weave: weave:
srcweave --formatter srcweave-format --weave docs/ ReadMe.md security/Authentication.md EnvironmentVariables.md Dependencies.md Server.md srcweave --formatter srcweave-format --weave docs/ ReadMe.md security/Authentication.md EnvironmentVariables.md Dependencies.md Server.md Streaming.md
tangle: tangle:
srcweave --formatter srcweave-format --tangle smartkeyboard/ ReadMe.md security/Authentication.md EnvironmentVariables.md Dependencies.md Server.md srcweave --formatter srcweave-format --tangle smartkeyboard/ ReadMe.md security/Authentication.md EnvironmentVariables.md Dependencies.md Server.md Streaming.md
clean: clean:
rm -rf docs rm -rf docs
find smartkeyboard/ -type f -not -name "*_test.go" -delete find smartkeyboard/ -type f -not -name "*_test.go" -delete
rm go.mod rm go.mod
rm go.sum rm go.sum
build: tangle
- cd smartkeyboard && go mod init keyboard.voidnet.tech
- cd smartkeyboard && go mod tidy
- cd smartkeyboard && go build -o ../bin/keyboard
test: tangle test: tangle
-cd smartkeyboard && go mod init keyboard.voidnet.tech -cd smartkeyboard && go mod init keyboard.voidnet.tech
-cd smartkeyboard && go mod tidy -cd smartkeyboard && go mod tidy
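Review bot: The three recipe lines of the new build target (`- cd smartkeyboard && go mod init …`, `… go mod tidy`, `… go build -o ../bin/keyboard`) carry a leading `-`, which, if it is Make's ignore-errors prefix as on the test target's `-cd …` lines, means a failing `go build` still lets `make build` exit 0. Ignoring the error is defensible for `go mod init` (it fails once go.mod already exists), but the build step should fail loudly: `cd smartkeyboard && go build -o ../bin/keyboard`. Whether that dash is the prefix or an artefact of how this page rendered the hunk cannot be settled from the page alone, so please confirm against the file.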


@ -60,7 +60,8 @@ Then we can start the web server and listen for websocket connections.
--- entrypoint --- entrypoint
func main(){ func main(){
auth.ProvisionToken() tokenBase64, _ := auth.ProvisionToken()
fmt.Println(tokenBase64)
server.StartServer() server.StartServer()
} }
@ -71,6 +72,7 @@ Then we can start the web server and listen for websocket connections.
package main package main
import( import(
"fmt"
"keyboard.voidnet.tech/server" "keyboard.voidnet.tech/server"
"keyboard.voidnet.tech/auth" "keyboard.voidnet.tech/auth"
) )
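Review bot: `tokenBase64, _ := auth.ProvisionToken()` in `main` discards the error result, and the following `fmt.Println(tokenBase64)` prints unconditionally: when the token file already exists ProvisionToken returns `""` (see the Authentication.md section), so the program prints an empty line, and on a fresh provision the token is printed twice, once by the token-generation block and once here. Check the error and print only a non-empty token, e.g. `tokenBase64, err := auth.ProvisionToken()` / `if err != nil { panic(err) }` / `if tokenBase64 != "" { fmt.Println(tokenBase64) }`. The visible ProvisionToken body never returns a non-nil error (it panics instead), so the check is for the contract rather than current behaviour. `main` is fully inside the first hunk; the import block is in the second.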


@ -42,7 +42,7 @@ func StartServer() {
@{create listener} @{create listener}
http.HandleFunc("/sendkeys", clientConnected) http.HandleFunc("/sendkeys", clientConnected)
http.HandleFunc("/activewindow", ) //http.HandleFunc("/activewindow", )
http.Serve(listener, nil) http.Serve(listener, nil)
@ -70,8 +70,8 @@ var listener net.Listener
var upgrader = websocket.Upgrader{} // use default options var upgrader = websocket.Upgrader{} // use default options
@{start http server}
@{streaming keyboard input} @{streaming keyboard input}
@{start http server}
--- ---
``` ```
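Review bot: `//http.HandleFunc("/activewindow", )` in StartServer leaves the unfinished route as commented-out code; if the endpoint is still planned, a `// TODO: register the /activewindow handler` comment says so more clearly, and if it is not, the line should be deleted rather than kept. The second hunk only moves `@{start http server}` below `@{streaming keyboard input}`; assuming both expand to top-level declarations, as the neighbouring `var upgrader` suggests, this does not change Go semantics, but the reason for the reorder is not stated in the commit and deserves a sentence in the surrounding prose. StartServer begins and ends outside the first hunk.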

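--- /dev/null
+++ b/ThreatModel.md
@@ -0,0 +1 @@
+# GoSmartKeyboard Threat Model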


@ -12,10 +12,13 @@ KDF.
``` go ``` go
--- token generation --- token generation
authToken = uuid.New().String() + uuid.New().String() authToken := [32]byte{}
hashedID := sha3.Sum256([]byte(authToken)) rand.Read(authToken[:])
fmt.Println("This is your authentication token, it will only be shown once: " + authToken) authTokenString := base64.StdEncoding.EncodeToString(authToken[:])
hashedID := sha3.Sum256(authToken[:])
fmt.Println("This is your authentication token, it will only be shown once: " + authTokenString)
--- ---
``` ```
@ -53,7 +56,8 @@ We use a constant time comparison to avoid timing attacks.
func CheckAuthToken(token string) error { func CheckAuthToken(token string) error {
@{define authentication token file} @{define authentication token file}
// compare sha3_256 hash to hash in file // compare sha3_256 hash to hash in file
hashedToken := sha3.Sum256([]byte(token)) tokenBytes, err := base64.StdEncoding.DecodeString(token)
hashedToken := sha3.Sum256(tokenBytes)
storedToken, err := os.ReadFile(authTokenFile) storedToken, err := os.ReadFile(authTokenFile)
if err != nil { if err != nil {
return err return err
@ -66,11 +70,11 @@ func CheckAuthToken(token string) error {
--- ---
--- provision token function --- provision token function
func ProvisionToken() (error){ func ProvisionToken() (base64Token string, failed error){
@{define authentication token file} @{define authentication token file}
if _, err := os.Stat(authTokenFile); err == nil { if _, err := os.Stat(authTokenFile); err == nil {
return nil return "", nil
} }
@{token generation} @{token generation}
@ -83,7 +87,7 @@ func ProvisionToken() (error){
panic(err) panic(err)
} }
fo.Write(hashedID[:]) fo.Write(hashedID[:])
return nil return base64Token, nil
} }
--- ---
@ -102,13 +106,14 @@ import(
"path/filepath" "path/filepath"
"fmt" "fmt"
"errors" "errors"
"encoding/base64"
"crypto/rand"
"crypto/subtle" "crypto/subtle"
@{sha3 import string} @{sha3 import string}
@{uuid import string}
@{xdg import string} @{xdg import string}
) )
var authToken = "" //var authToken = ""
@{provision token function} @{provision token function}
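Review bot: `rand.Read(authToken[:])` in the token-generation block drops the `(n, err)` result; since these 32 bytes are the only authentication secret, a failed or short read must not go unnoticed — `if _, err := rand.Read(authToken[:]); err != nil { panic(err) }` matches the `panic(err)` already used later in ProvisionToken. The same pattern recurs in CheckAuthToken: `tokenBytes, err := base64.StdEncoding.DecodeString(token)` is immediately followed by `hashedToken := sha3.Sum256(tokenBytes)` and `err` is never inspected before `os.ReadFile` overwrites it, so a malformed token is hashed as whatever bytes decoded; add `if err != nil { return err }` directly after the decode. ProvisionToken's new signature names its result `base64Token`, but the token-generation block stores the encoded token in `authTokenString`; unless the lines between the two hunks assign `base64Token = authTokenString`, `return base64Token, nil` returns the empty string. The block also prints the token itself while ProvisionToken now returns it, so a caller that prints the result shows it twice. ProvisionToken's body continues outside the hunks.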


@ -1,6 +1,7 @@
package auth package auth
import ( import (
"encoding/base64"
"golang.org/x/crypto/sha3" "golang.org/x/crypto/sha3"
"os" "os"
"testing" "testing"
@ -14,7 +15,7 @@ func TestAuthPasswordHashBad(t *testing.T) {
password := "wrong password" password := "wrong password"
result := checkAuthToken(password) result := CheckAuthToken(password)
if result == nil { if result == nil {
t.Errorf("Expected error, got nil") t.Errorf("Expected error, got nil")
} }
@ -29,7 +30,7 @@ func TestAuthPasswordEmpty(t *testing.T) {
password := "" password := ""
result := checkAuthToken(password) result := CheckAuthToken(password)
if result == nil { if result == nil {
t.Errorf("Expected error, got nil") t.Errorf("Expected error, got nil")
} }
@ -48,9 +49,9 @@ func TestAuthPasswordHashGood(t *testing.T) {
fo.Write(expectedHash[:]) fo.Write(expectedHash[:])
t.Log("TestAuthPasswordHash") t.Log("TestAuthPasswordHash")
password := "password" password := base64.StdEncoding.EncodeToString([]byte("password"))
result := checkAuthToken(password) result := CheckAuthToken(password)
if result != nil { if result != nil {
t.Errorf("Expected nil, got error") t.Errorf("Expected nil, got error")
} }
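Review bot: `TestAuthPasswordHashBad` now passes `"wrong password"` straight to the renamed `CheckAuthToken`, but that string contains a space and is not valid base64, so the test exercises the decode-failure path rather than a well-formed token whose hash does not match the stored one. Encode it the way TestAuthPasswordHashGood now does: `password := base64.StdEncoding.EncodeToString([]byte("wrong password"))`. TestAuthPasswordEmpty's `""` decodes to zero bytes and still hits the hash-mismatch path, so that case is fine as written. All three test functions begin outside their hunks.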