diff --git a/Client.md b/Client.md new file mode 100644 index 0000000..9b6507c --- /dev/null +++ b/Client.md @@ -0,0 +1,18 @@ +# GoSmartKeyboard Client + + +This is the base client, it only connects and authenticates. + + +The authentication token is loaded from the environment variable `KEYBOARD_AUTH`, if it does not exist we read it from stdin in base64 form, ended with a newline. + +``` go + +--- start client + + + +--- + + +``` \ No newline at end of file diff --git a/Makefile b/Makefile index 27f89e0..5eed023 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,8 @@ weave: - srcweave --formatter srcweave-format --weave docs/ ReadMe.md security/Authentication.md EnvironmentVariables.md Dependencies.md Server.md Streaming.md + srcweave --formatter srcweave-format --weave docs/ ReadMe.md security/Authentication.md EnvironmentVariables.md Dependencies.md Server.md Streaming.md ThreatModel.md + util/removefencedcode.py tangle: - srcweave --formatter srcweave-format --tangle smartkeyboard/ ReadMe.md security/Authentication.md EnvironmentVariables.md Dependencies.md Server.md Streaming.md + srcweave --formatter srcweave-format --tangle smartkeyboard/ ReadMe.md security/Authentication.md EnvironmentVariables.md Dependencies.md Server.md Streaming.md ThreatModel.md clean: rm -rf docs find smartkeyboard/ -type f -not -name "*_test.go" -delete diff --git a/ReadMe.md b/ReadMe.md index b0ce13d..c022635 100644 --- a/ReadMe.md +++ b/ReadMe.md @@ -14,6 +14,7 @@ This is done with a simple websocket server meant to accept a single connection, The goal of this particular daemon is not to perfectly emulate a HID, so it may trip up on Windows UAC or game anticheat systems. +A client is included that simply connects and authenticates. It is meant to be used with unix philosophy modules, for example a password manager wrapper. A UI could then wrap the client and said modules. ## Why a smart keyboard? 
@@ -48,7 +49,8 @@ markdown book is actually the source code * Well defined [threat model](ThreatModel.md) -# Daemon Entrypoint +# Entrypoint + Right out of the gate, we make sure a token is provisioned. In the future we will use the system keyring. @@ -60,6 +62,12 @@ Then we can start the web server and listen for websocket connections. --- entrypoint func main(){ + + if os.Args[1] == "connect" { + @{start client} + os.Exit(0) + } + tokenBase64, _ := auth.ProvisionToken() fmt.Println(tokenBase64) server.StartServer() @@ -72,6 +80,7 @@ Then we can start the web server and listen for websocket connections. package main import( + "os" "fmt" "keyboard.voidnet.tech/server" "keyboard.voidnet.tech/auth" diff --git a/ThreatModel.md b/ThreatModel.md index f8f4102..c6420d9 100644 --- a/ThreatModel.md +++ b/ThreatModel.md @@ -1 +1,7 @@ -# GoSmartKeyboard Threat Model \ No newline at end of file +# GoSmartKeyboard Threat Model + + +GoSmartKeyboard assumes that it is running behind a reverse proxy that provides TLS termination. This is a common setup for web applications, and is the default configuration for the [Caddy](https://caddyserver.com/) web server. + +The daemon is intended to be used by a single user, with the client used by the same person. +It is not recommended to use this over the internet, as it is intended for the user to be able to physically see the screen. \ No newline at end of file diff --git a/security/Authentication.md b/security/Authentication.md index 0957dcf..82df9b6 100644 --- a/security/Authentication.md +++ b/security/Authentication.md 
@@ -47,9 +47,9 @@ if authTokenFileIsSet == false { ## Checking authentication -When a client connects, the [websocket server](Server.md) checks the token they send against the stored token. +When a client connects, the [websocket endpoint](Server.md) checks the token they send against the stored token. -We use a constant time comparison to avoid timing attacks. +We use a constant time comparison to avoid timing attacks, although it is not clear if this is necessary in this case. ``` go
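Review bot: In Client.md the `--- start client` chunk has no body, so none of the behaviour the prose describes (reading `KEYBOARD_AUTH`, falling back to a base64 token on stdin) exists yet, and the `@{start client}` reference in the entrypoint expands to nothing before `os.Exit(0)`. Either land the chunk body in this change or say in the text that the client is a stub. When the body is written, the document should also state what happens if the stdin value is empty or not valid base64, since that is the path a wrapper such as a password manager will exercise.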
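Review bot: In the Makefile, `ThreatModel.md` is appended to both the `weave` and `tangle` input lists but the new `Client.md` is not, while ReadMe.md now references `@{start client}`. As written, srcweave is never given the file that defines that chunk, so add `Client.md` to both lists. The new `util/removefencedcode.py` step in `weave` is invoked with no arguments and the script is not part of the visible diff, so confirm it is committed and add a short comment on what it does to the woven docs.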
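Review bot: In the ReadMe.md entrypoint hunk, `if os.Args[1] == "connect" {` indexes `os.Args` without checking its length, so starting the daemon with no arguments, which was the only invocation before this change, panics with an index out of range before `auth.ProvisionToken()` runs. Guard it with `if len(os.Args) > 1 && os.Args[1] == "connect" {`. The surrounding prose still describes only token provisioning and the web server, so add a sentence documenting the `connect` subcommand next to the renamed `# Entrypoint` heading.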
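Review bot: The ThreatModel.md text states the TLS-terminating reverse proxy as an assumption but does not say what is exposed when that assumption fails. Authentication.md has the client send the token to the websocket endpoint, so without the proxy that token is sent without TLS. State that consequence explicitly, and say what interface the daemon is expected to listen on so the proxy cannot be bypassed. The sentence "It is not recommended to use this over the internet" would also be clearer if it named the in-scope network (for example, the same machine or a trusted LAN) and listed which adversaries are out of scope.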
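Review bot: In security/Authentication.md, the added clause "although it is not clear if this is necessary in this case" leaves the reader unsure whether the constant time comparison is a required control or an optional one. Since the comparison is between a stored secret and a value supplied by a connecting client, keeping it is cheap and appropriate. Either drop the hedge or replace it with the reasoning, and cross-reference ThreatModel.md for which attackers are assumed able to reach the endpoint.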