|
|
|
/*jshint esversion: 6 */
|
|
|
|
/* globals Buffer*/
|
|
|
|
const Block = module.exports;
|
|
|
|
const Nacl = require("tweetnacl/nacl-fast");
|
|
|
|
const nThen = require("nthen");
|
|
|
|
const Util = require("../common-util");
|
|
|
|
const BlockStore = require("../storage/block");
|
|
|
|
|
|
|
|
/*
|
|
|
|
We assume that the server is secured against MitM attacks
|
|
|
|
via HTTPS, and that malicious actors do not have code execution
|
|
|
|
capabilities. If they do, we have much more serious problems.
|
|
|
|
|
|
|
|
The capability to replay a block write or remove results in either
|
|
|
|
a denial of service for the user whose block was removed, or in the
|
|
|
|
case of a write, a rollback to an earlier password.
|
|
|
|
|
|
|
|
Since block modification is destructive, this can result in loss
|
|
|
|
of access to the user's drive.
|
|
|
|
|
|
|
|
So long as the detached signature is never observed by a malicious
|
|
|
|
party, and the server discards it after proof of knowledge, replays
|
|
|
|
are not possible. However, this precludes verification of the signature
|
|
|
|
at a later time.
|
|
|
|
|
|
|
|
Despite this, an integrity check is still possible by the original
|
|
|
|
author of the block, since we assume that the block will have been
|
|
|
|
encrypted with xsalsa20-poly1305 which is authenticated.
|
|
|
|
*/
|
|
|
|
var validateLoginBlock = function (Env, publicKey, signature, block, _cb) { // FIXME BLOCKS
|
|
|
|
var cb = Util.once(Util.mkAsync(_cb));
|
|
|
|
|
|
|
|
// convert the public key to a Uint8Array and validate it
|
|
|
|
if (typeof(publicKey) !== 'string') { return void cb('E_INVALID_KEY'); }
|
|
|
|
|
|
|
|
var u8_public_key;
|
|
|
|
try {
|
|
|
|
u8_public_key = Nacl.util.decodeBase64(publicKey);
|
|
|
|
} catch (e) {
|
|
|
|
return void cb('E_INVALID_KEY');
|
|
|
|
}
|
|
|
|
|
|
|
|
var u8_signature;
|
|
|
|
try {
|
|
|
|
u8_signature = Nacl.util.decodeBase64(signature);
|
|
|
|
} catch (e) {
|
|
|
|
Env.Log.error('INVALID_BLOCK_SIGNATURE', e);
|
|
|
|
return void cb('E_INVALID_SIGNATURE');
|
|
|
|
}
|
|
|
|
|
|
|
|
// convert the block to a Uint8Array
|
|
|
|
var u8_block;
|
|
|
|
try {
|
|
|
|
u8_block = Nacl.util.decodeBase64(block);
|
|
|
|
} catch (e) {
|
|
|
|
return void cb('E_INVALID_BLOCK');
|
|
|
|
}
|
|
|
|
|
|
|
|
// take its hash
|
|
|
|
var hash = Nacl.hash(u8_block);
|
|
|
|
|
|
|
|
// validate the signature against the hash of the content
|
|
|
|
var verified = Nacl.sign.detached.verify(hash, u8_signature, u8_public_key);
|
|
|
|
|
|
|
|
// existing authentication ensures that users cannot replay old blocks
|
|
|
|
|
|
|
|
// call back with (err) if unsuccessful
|
|
|
|
if (!verified) { return void cb("E_COULD_NOT_VERIFY"); }
|
|
|
|
|
|
|
|
return void cb(null, u8_block);
|
|
|
|
};
|
|
|
|
|
|
|
|
Block.validateAncestorProof = function (Env, proof, _cb) {
|
|
|
|
var cb = Util.once(Util.mkAsync(_cb));
|
|
|
|
/* prove that you own an existing block by signing for its publicKey */
|
|
|
|
try {
|
|
|
|
var parsed = JSON.parse(proof);
|
|
|
|
var pub = parsed[0];
|
|
|
|
var u8_pub = Nacl.util.decodeBase64(pub);
|
|
|
|
var sig = parsed[1];
|
|
|
|
var u8_sig = Nacl.util.decodeBase64(sig);
|
|
|
|
var valid = false;
|
|
|
|
nThen(function (w) {
|
|
|
|
valid = Nacl.sign.detached.verify(u8_pub, u8_sig, u8_pub);
|
|
|
|
if (!valid) {
|
|
|
|
w.abort();
|
|
|
|
return void cb('E_INVALID_ANCESTOR_PROOF');
|
|
|
|
}
|
|
|
|
// else fall through to next step
|
|
|
|
}).nThen(function () {
|
|
|
|
Block.check(Env, pub, function (err) {
|
|
|
|
if (err) { return void cb('E_MISSING_ANCESTOR'); }
|
|
|
|
cb(void 0, pub);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
} catch (err) {
|
|
|
|
return void cb(err);
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
Block.writeLoginBlock = function (Env, safeKey, msg, _cb) {
|
|
|
|
var cb = Util.once(Util.mkAsync(_cb));
|
|
|
|
var publicKey = msg[0];
|
|
|
|
var signature = msg[1];
|
|
|
|
var block = msg[2];
|
|
|
|
var registrationProof = msg[3];
|
|
|
|
var previousKey;
|
|
|
|
|
|
|
|
var validatedBlock, path;
|
|
|
|
nThen(function (w) {
|
|
|
|
if (Util.escapeKeyCharacters(publicKey) !== safeKey) {
|
|
|
|
w.abort();
|
|
|
|
return void cb("INCORRECT_KEY");
|
|
|
|
}
|
|
|
|
}).nThen(function (w) {
|
|
|
|
if (!Env.restrictRegistration) { return; }
|
|
|
|
if (!registrationProof) {
|
|
|
|
// we allow users with existing blocks to create new ones
|
|
|
|
// call back with error if registration is restricted and no proof of an existing block was provided
|
|
|
|
w.abort();
|
|
|
|
Env.Log.info("BLOCK_REJECTED_REGISTRATION", {
|
|
|
|
safeKey: safeKey,
|
|
|
|
publicKey: publicKey,
|
|
|
|
});
|
|
|
|
return cb("E_RESTRICTED");
|
|
|
|
}
|
|
|
|
Env.validateAncestorProof(registrationProof, w(function (err, provenKey) {
|
|
|
|
if (err || !provenKey) { // double check that a key was validated
|
|
|
|
w.abort();
|
|
|
|
Env.Log.warn('BLOCK_REJECTED_INVALID_ANCESTOR', {
|
|
|
|
error: err,
|
|
|
|
});
|
|
|
|
return void cb("E_RESTRICTED");
|
|
|
|
}
|
|
|
|
previousKey = provenKey;
|
|
|
|
}));
|
|
|
|
}).nThen(function (w) {
|
|
|
|
validateLoginBlock(Env, publicKey, signature, block, w(function (e, _validatedBlock) {
|
|
|
|
if (e) {
|
|
|
|
w.abort();
|
|
|
|
return void cb(e);
|
|
|
|
}
|
|
|
|
if (!(_validatedBlock instanceof Uint8Array)) {
|
|
|
|
w.abort();
|
|
|
|
return void cb('E_INVALID_BLOCK');
|
|
|
|
}
|
|
|
|
|
|
|
|
validatedBlock = _validatedBlock;
|
|
|
|
}));
|
|
|
|
}).nThen(function () {
|
|
|
|
BlockStore.write(Env, publicKey, Buffer.from(validatedBlock), function (err) {
|
|
|
|
Env.Log.info('BLOCK_WRITE_BY_OWNER', {
|
|
|
|
safeKey: safeKey,
|
|
|
|
blockId: publicKey,
|
|
|
|
isChange: Boolean(registrationProof),
|
|
|
|
previousKey: previousKey,
|
|
|
|
path: path,
|
|
|
|
});
|
|
|
|
cb(err);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
};
|
|
|
|
|
|
|
|
const DELETE_BLOCK = Nacl.util.decodeUTF8('DELETE_BLOCK');
|
|
|
|
|
|
|
|
/*
|
|
|
|
When users write a block, they upload the block, and provide
|
|
|
|
a signature proving that they deserve to be able to write to
|
|
|
|
the location determined by the public key.
|
|
|
|
|
|
|
|
When removing a block, there is nothing to upload, but we need
|
|
|
|
to sign something. Since the signature is considered sensitive
|
|
|
|
information, we can just sign some constant and use that as proof.
|
|
|
|
|
|
|
|
*/
|
|
|
|
Block.removeLoginBlock = function (Env, safeKey, msg, _cb) {
|
|
|
|
var cb = Util.once(Util.mkAsync(_cb));
|
|
|
|
|
|
|
|
var publicKey = msg[0];
|
|
|
|
var signature = msg[1];
|
|
|
|
|
|
|
|
nThen(function (w) {
|
|
|
|
if (Util.escapeKeyCharacters(publicKey) !== safeKey) {
|
|
|
|
w.abort();
|
|
|
|
return void cb("INCORRECT_KEY");
|
|
|
|
}
|
|
|
|
}).nThen(function () {
|
|
|
|
validateLoginBlock(Env, publicKey, signature, DELETE_BLOCK, function (e /*::, validatedBlock */) {
|
|
|
|
if (e) { return void cb(e); }
|
|
|
|
BlockStore.archive(Env, publicKey, function (err) {
|
|
|
|
Env.Log.info('ARCHIVAL_BLOCK_BY_OWNER_RPC', {
|
|
|
|
publicKey: publicKey,
|
|
|
|
status: err? String(err): 'SUCCESS',
|
|
|
|
});
|
|
|
|
cb(err);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
};
|
|
|
|
|