From cbc864c9506adda6ff8fbda31e941d00c8b6be82 Mon Sep 17 00:00:00 2001 From: Derrick Hammer Date: Tue, 18 Jul 2023 08:53:51 -0400 Subject: [PATCH] feat: add encrypted communication mechanism to the kernel for the private key --- package.json | 2 + .../messages/exchangeCommunicationKeys.ts | 12 ++++ src/main/bootloader/messages/setLoginKey.ts | 26 ++++++++ src/main/bootloader/vars.ts | 23 +++++++ ui/components/account/Account.svelte | 66 +++++++++++++++---- 5 files changed, 117 insertions(+), 12 deletions(-) create mode 100644 src/main/bootloader/messages/exchangeCommunicationKeys.ts create mode 100644 src/main/bootloader/messages/setLoginKey.ts diff --git a/package.json b/package.json index 64670c1..8eef707 100644 --- a/package.json +++ b/package.json @@ -31,8 +31,10 @@ "@lumeweb/libresolver": "^0.1.0-develop.1", "@lumeweb/libweb": "^0.2.0-develop.22", "@lumeweb/tld-enum": "^0.1.0-develop.1", + "@noble/ciphers": "^0.1.4", "@peculiar/webcrypto": "^1.4.3", "@scure/bip39": "^1.2.1", + "ed25519-keygen": "^0.4.1", "ejs": "^3.1.9", "file-type": "^18.5.0", "is-ipfs": "^8.0.1", diff --git a/src/main/bootloader/messages/exchangeCommunicationKeys.ts b/src/main/bootloader/messages/exchangeCommunicationKeys.ts new file mode 100644 index 0000000..ad914ae --- /dev/null +++ b/src/main/bootloader/messages/exchangeCommunicationKeys.ts @@ -0,0 +1,12 @@ +import { bytesToHex, hexToBytes } from "@lumeweb/libweb"; +import { + getCommunicationPubKey, + setFrontendCommunicationPubkey, +} from "../vars.js"; +import { log } from "../util.js"; + +export default function (data: any) { + setFrontendCommunicationPubkey(hexToBytes(data)); + + return bytesToHex(getCommunicationPubKey()); +} diff --git a/src/main/bootloader/messages/setLoginKey.ts b/src/main/bootloader/messages/setLoginKey.ts new file mode 100644 index 0000000..d66bcef --- /dev/null +++ b/src/main/bootloader/messages/setLoginKey.ts @@ -0,0 +1,26 @@ +import { secretbox } from "@noble/ciphers/salsa"; +import { x25519 } from "@noble/curves/ed25519"; +import { + getCommunicationKey, + getFrontendCommunicationPubkey, + setLoginComplete, +} from "../vars.js"; +import { saveUserKey } from "../storage.js"; +import { hexToBytes } from "@lumeweb/libweb"; + +export default function (data: any) { + const box = secretbox( + x25519.getSharedSecret( + getCommunicationKey(), + getFrontendCommunicationPubkey(), + ), + hexToBytes(data.nonce), + ); + const decryptedData = box.open(hexToBytes(data.data)); + + setLoginComplete(false); + + saveUserKey(decryptedData); + + return true; +} diff --git a/src/main/bootloader/vars.ts b/src/main/bootloader/vars.ts index 18bf151..51666be 100644 --- a/src/main/bootloader/vars.ts +++ b/src/main/bootloader/vars.ts @@ -1,9 +1,12 @@ import { Client } from "@lumeweb/libportal"; +import { x25519 } from "@noble/curves/ed25519"; let loginComplete = false; let logoutComplete = false; let kernelLoaded = "not yet"; let bootloaderPortals: Client[] = []; +let communicationKey: Uint8Array; +let frontendCommunicationPubKey: Uint8Array; var userKey: Uint8Array; @@ -39,3 +42,23 @@ export function getUserKey() { export function setBootloaderPortals(portals: Client[]) { bootloaderPortals = portals; } + +export function getCommunicationKey() { + if (!communicationKey) { + communicationKey = x25519.utils.randomPrivateKey(); + } + + return communicationKey; +} + +export function getCommunicationPubKey() { + return x25519.getPublicKey(getCommunicationKey()); +} + +export function getFrontendCommunicationPubkey() { + return frontendCommunicationPubKey; +} + +export function setFrontendCommunicationPubkey(key: Uint8Array) { + frontendCommunicationPubKey = key; +} diff --git a/ui/components/account/Account.svelte b/ui/components/account/Account.svelte index d998aa4..d8ea531 100644 --- a/ui/components/account/Account.svelte +++ b/ui/components/account/Account.svelte @@ -1,11 +1,22 @@