IT4Change/gradido
3
0
Fork 0
mirror of https://github.com/IT4Change/gradido.git synced 2025-12-13 07:45:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

removed bigint-conversion,

Browse Source 
fixed keygeneration to be aligned 100% with login_server
trailing space on passphrase
bigint to hash conversion
This commit is contained in:
Ulf Gebhardt 2021-11-03 02:08:10 +01:00
parent 2473f450c3
commit 5736d3ba0b
Signed by: ulfgebhardt
GPG Key ID: DA6B843E748679C9
3 changed files with 13 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
backend/package.json
View File

@ -19,7 +19,6 @@
"@types/jest": "^27.0.2", "@types/jest": "^27.0.2",
"apollo-server-express": "^2.25.2", "apollo-server-express": "^2.25.2",
"axios": "^0.21.1", "axios": "^0.21.1",
"bigint-conversion": "^2.2.1",
"class-validator": "^0.13.1", "class-validator": "^0.13.1",
"cors": "^2.8.5", "cors": "^2.8.5",
"dotenv": "^10.0.0", "dotenv": "^10.0.0",

23
backend/src/graphql/resolver/UserResolver.ts
View File

@ -40,8 +40,8 @@ import { LoginUserRepository } from '../../typeorm/repository/LoginUser'
import { LoginUserBackupRepository } from '../../typeorm/repository/LoginUserBackup' import { LoginUserBackupRepository } from '../../typeorm/repository/LoginUserBackup'
import { LoginUser } from '@entity/LoginUser' import { LoginUser } from '@entity/LoginUser'
import { LoginUserBackup } from '@entity/LoginUserBackup' import { LoginUserBackup } from '@entity/LoginUserBackup'
import { bigintToBuf } from 'bigint-conversion'
// TODO apparently the types are cannot be loaded correctly? IDK whats wrong and we have to use require
// eslint-disable-next-line @typescript-eslint/no-var-requires // eslint-disable-next-line @typescript-eslint/no-var-requires
const sodium = require('sodium-native') const sodium = require('sodium-native')
@ -117,7 +117,7 @@ const PassphraseGenerate = (): string[] => {
] ]
*/ */
// pub: 0xdd1b7bb // pub: 0xdd1b7bb
// priv: 0xbcadd66 // priv: 0xbcadd66 (wrong?)
const KeyPairEd25519Create = (passphrase: string[]): Buffer[] => { const KeyPairEd25519Create = (passphrase: string[]): Buffer[] => {
if (!passphrase.length || passphrase.length < PHRASE_WORD_COUNT) { if (!passphrase.length || passphrase.length < PHRASE_WORD_COUNT) {
@ -129,24 +129,27 @@ const KeyPairEd25519Create = (passphrase: string[]): Buffer[] => {
wordIndicies.push(WORDS.indexOf(passphrase[i])) wordIndicies.push(WORDS.indexOf(passphrase[i]))
} }
// eslint-disable-next-line no-console
console.log(wordIndicies)
// TODO: wtf is this? // TODO: wtf is this?
// if (!wordIndicies || (!wordIndicies[0] && !wordIndicies[1] && !wordIndicies[2] && !wordIndicies[3])) { // if (!wordIndicies || (!wordIndicies[0] && !wordIndicies[1] && !wordIndicies[2] && !wordIndicies[3])) {
// return null; // return null;
// } // }
const state = Buffer.alloc(sodium.crypto_hash_sha512_STATEBYTES)
// sodium.crypto_hash_sha256_init(state /* , [key], outlen */) const state = Buffer.alloc(sodium.crypto_hash_sha512_STATEBYTES)
sodium.crypto_hash_sha512_init(state) sodium.crypto_hash_sha512_init(state)
// To prevent breaking existing passphrase-hash combinations word indices will be put into 64 Bit Variable to mimic first implementation of algorithms // To prevent breaking existing passphrase-hash combinations word indices will be put into 64 Bit Variable to mimic first implementation of algorithms
for (let i = 0; i < PHRASE_WORD_COUNT; i++) { for (let i = 0; i < PHRASE_WORD_COUNT; i++) {
const value = BigInt(wordIndicies[i]) const value = Buffer.alloc(8)
sodium.crypto_hash_sha512_update(state, Buffer.from(bigintToBuf(value))) // hash.update(Buffer.from(bigintToBuf(value))) value.writeBigInt64LE(BigInt(wordIndicies[i]))
sodium.crypto_hash_sha512_update(state, value)
} }
const clearPassphrase = passphrase.join(' ') // TODO trailing space in login_server
sodium.crypto_hash_sha512_update(state, Buffer.from(clearPassphrase)) // hash.update(Buffer.from(clearPassphrase)) const clearPassphrase = passphrase.join(' ') + ' '
sodium.crypto_hash_sha512_update(state, Buffer.from(clearPassphrase))
const outputHashBuffer = Buffer.alloc(sodium.crypto_hash_sha512_BYTES) const outputHashBuffer = Buffer.alloc(sodium.crypto_hash_sha512_BYTES)
sodium.crypto_hash_sha512_final(state, outputHashBuffer) // hash.final(outputHashBuffer) sodium.crypto_hash_sha512_final(state, outputHashBuffer)
const pubKey = Buffer.alloc(sodium.crypto_sign_PUBLICKEYBYTES) const pubKey = Buffer.alloc(sodium.crypto_sign_PUBLICKEYBYTES)
const privKey = Buffer.alloc(sodium.crypto_sign_SECRETKEYBYTES) const privKey = Buffer.alloc(sodium.crypto_sign_SECRETKEYBYTES)
@ -154,7 +157,7 @@ const KeyPairEd25519Create = (passphrase: string[]): Buffer[] => {
sodium.crypto_sign_seed_keypair( sodium.crypto_sign_seed_keypair(
pubKey, pubKey,
privKey, privKey,
outputHashBuffer.slice(sodium.crypto_sign_SEEDBYTES), outputHashBuffer.slice(0, sodium.crypto_sign_SEEDBYTES),
) )
return [pubKey, privKey] return [pubKey, privKey]

12
backend/yarn.lock
View File

@ -562,11 +562,6 @@
resolved "https://registry.npmjs.org/@josephg/resolvable/-/resolvable-1.0.1.tgz" resolved "https://registry.npmjs.org/@josephg/resolvable/-/resolvable-1.0.1.tgz"
integrity sha512-CtzORUwWTTOTqfVtHaKRJ0I1kNQd1bpn3sUh8I3nJDVY+5/M/Oe1DnEWzPQvqq/xPIIkzzzIP7mfCoAjFRvDhg== integrity sha512-CtzORUwWTTOTqfVtHaKRJ0I1kNQd1bpn3sUh8I3nJDVY+5/M/Oe1DnEWzPQvqq/xPIIkzzzIP7mfCoAjFRvDhg==
"@juanelas/base64@^1.0.1":
version "1.0.1"
resolved "https://registry.yarnpkg.com/@juanelas/base64/-/base64-1.0.1.tgz#aaede00ffdca595741fc69d0008b4cfc8f08293a"
integrity sha512-ZK/wWrjMrrMcprtOV72iilC1M/HfZcF2JeUJPHOL0tMm1TZrh9UhHDQEdPny/MmmT7tO4w47ycuy0YTnBrS5fg==
"@nodelib/fs.scandir@2.1.5": "@nodelib/fs.scandir@2.1.5":
version "2.1.5" version "2.1.5"
resolved "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz" resolved "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz"
@ -1512,13 +1507,6 @@ base64-js@^1.3.1:
resolved "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz" resolved "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz"
integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA== integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==
bigint-conversion@^2.2.1:
version "2.2.1"
resolved "https://registry.yarnpkg.com/bigint-conversion/-/bigint-conversion-2.2.1.tgz#08c9f17a826943c7e56d4bfa9f0fc7fe8050a940"
integrity sha512-9TvqpV+VZ04fPKv4KPLQRk5ZAFhgHX4F7bYQY263/BbJBFzEGbtBeTQV9oNuAGaqj88PXdov1OcSNQtq9K9MPA==
dependencies:
"@juanelas/base64" "^1.0.1"
binary-extensions@^2.0.0: binary-extensions@^2.0.0:
version "2.2.0" version "2.2.0"
resolved "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz" resolved "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz"