refactor: port over the encrypted key exchange and set key from extension
parent
97e083fb21
commit
6fa0d49ce1
|
@ -9,6 +9,7 @@
|
||||||
"version": "0.1.0-develop.1",
|
"version": "0.1.0-develop.1",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@lumeweb/libweb": "0.2.0-develop.27",
|
"@lumeweb/libweb": "0.2.0-develop.27",
|
||||||
|
"@noble/ciphers": "^0.1.4",
|
||||||
"binconv": "^0.2.0"
|
"binconv": "^0.2.0"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
|
@ -1731,6 +1732,14 @@
|
||||||
"vite-plugin-optimizer": "^1.4.2"
|
"vite-plugin-optimizer": "^1.4.2"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"node_modules/@noble/ciphers": {
|
||||||
|
"version": "0.1.4",
|
||||||
|
"resolved": "https://registry.npmjs.org/@noble/ciphers/-/ciphers-0.1.4.tgz",
|
||||||
|
"integrity": "sha512-d3ZR8vGSpy3v/nllS+bD/OMN5UZqusWiQqkyj7AwzTnhXFH72pF5oB4Ach6DQ50g5kXxC28LdaYBEpsyv9KOUQ==",
|
||||||
|
"funding": {
|
||||||
|
"url": "https://paulmillr.com/funding/"
|
||||||
|
}
|
||||||
|
},
|
||||||
"node_modules/@noble/curves": {
|
"node_modules/@noble/curves": {
|
||||||
"version": "1.1.0",
|
"version": "1.1.0",
|
||||||
"resolved": "https://registry.npmjs.org/@noble/curves/-/curves-1.1.0.tgz",
|
"resolved": "https://registry.npmjs.org/@noble/curves/-/curves-1.1.0.tgz",
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@lumeweb/libweb": "0.2.0-develop.27",
|
"@lumeweb/libweb": "0.2.0-develop.27",
|
||||||
|
"@noble/ciphers": "^0.1.4",
|
||||||
"binconv": "^0.2.0"
|
"binconv": "^0.2.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
import { boot } from "./kernel.js";
|
import { boot } from "./kernel.js";
|
||||||
|
import { handleIncomingMessage } from "./messages.js";
|
||||||
|
|
||||||
document.title = "Hosted Lume Kernel";
|
document.title = "Hosted Lume Kernel";
|
||||||
let header = document.createElement("h1");
|
let header = document.createElement("h1");
|
||||||
|
@ -6,4 +7,6 @@ header.textContent =
|
||||||
"Something went wrong! You should not be visiting this page, this page should only be accessed via an invisible iframe.";
|
"Something went wrong! You should not be visiting this page, this page should only be accessed via an invisible iframe.";
|
||||||
document.body.appendChild(header);
|
document.body.appendChild(header);
|
||||||
|
|
||||||
|
window.addEventListener("message", handleIncomingMessage);
|
||||||
|
|
||||||
boot();
|
boot();
|
||||||
|
|
|
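Review bot: `handleIncomingMessage` is async, and passing it straight to `addEventListener` discards the promise it returns, so any throw outside its inner try block surfaces only as an unhandled rejection. In the handler added by this commit, `"nonce" in event.data` throws a TypeError when a sender posts a string or a number, which is exactly that case. I would register it as `window.addEventListener("message", (e) => { handleIncomingMessage(e).catch(console.error); });` so failures are reported in one place. The listener is also attached before `boot()` runs, so it is worth confirming the handlers tolerate messages that arrive before kernel state exists.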
@ -0,0 +1,76 @@
|
||||||
|
import exchangeCommunicationKeys from "./messages/exchangeCommunicationKeys.js";
|
||||||
|
import setLoginKey from "./messages/setLoginKey.js";
|
||||||
|
|
||||||
|
const kernelMessageHandlers = {
|
||||||
|
exchangeCommunicationKeys,
|
||||||
|
setLoginKey,
|
||||||
|
};
|
||||||
|
|
||||||
|
export async function handleIncomingMessage(event: MessageEvent) {
|
||||||
|
if (event.source === null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (event.source === window) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!("nonce" in event.data)) {
|
||||||
|
(event.source as WindowProxy).postMessage(
|
||||||
|
{
|
||||||
|
nonce: "N/A",
|
||||||
|
method: "response",
|
||||||
|
err: "message sent to kernel with no nonce",
|
||||||
|
},
|
||||||
|
event.origin,
|
||||||
|
);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!("method" in event.data)) {
|
||||||
|
(event.source as WindowProxy).postMessage(
|
||||||
|
{
|
||||||
|
nonce: event.data.nonce,
|
||||||
|
method: "response",
|
||||||
|
err: "message sent to kernel with no method",
|
||||||
|
},
|
||||||
|
event.origin,
|
||||||
|
);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (event.data.method in kernelMessageHandlers) {
|
||||||
|
let response;
|
||||||
|
|
||||||
|
try {
|
||||||
|
response = await kernelMessageHandlers[event.data.method](
|
||||||
|
event.data.data,
|
||||||
|
);
|
||||||
|
} catch (e: any) {
|
||||||
|
response = { err: (e as Error).message };
|
||||||
|
}
|
||||||
|
|
||||||
|
(event.source as WindowProxy).postMessage(
|
||||||
|
{
|
||||||
|
nonce: event.data.nonce,
|
||||||
|
data: response,
|
||||||
|
},
|
||||||
|
event.origin,
|
||||||
|
);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (["moduleCall", "response"].includes(event.data.method)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
(event.source as WindowProxy).postMessage(
|
||||||
|
{
|
||||||
|
nonce: event.data.nonce,
|
||||||
|
method: "response",
|
||||||
|
err:
|
||||||
|
"unrecognized method (user may need to log in): " + event.data.method,
|
||||||
|
},
|
||||||
|
event.origin,
|
||||||
|
);
|
||||||
|
return;
|
||||||
|
}
|
|
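Review bot: Nothing in `handleIncomingMessage` checks `event.origin` before dispatching, so any window that holds a reference to this frame can call `exchangeCommunicationKeys` and `setLoginKey`, the two handlers that establish and store the login key. If arbitrary pages are meant to embed the kernel, at least these two methods should be limited to the trusted extension or bootloader origin. Separately, `event.data.method in kernelMessageHandlers` walks the prototype chain, so names such as `constructor` or `toString` pass the test and get invoked; an own-property check avoids that. Echoing `event.origin` as the target origin also throws for opaque origins, whose origin string is `"null"`. The sketch below shows the guards; `ALLOWED_ORIGINS` is a placeholder for whatever trust list the project defines.

```typescript
export async function handleIncomingMessage(event: MessageEvent) {
  // … unchanged: null / self source guards …

  // ALLOWED_ORIGINS: placeholder for the embedder origins this kernel trusts.
  if (!ALLOWED_ORIGINS.has(event.origin)) {
    return;
  }
  // The `in` operator throws on primitives, so reject non-object payloads first.
  if (typeof event.data !== "object" || event.data === null) {
    return;
  }

  // … unchanged: nonce / method presence checks …

  // Own-property lookup only: inherited names like "constructor" must not dispatch.
  if (
    typeof event.data.method === "string" &&
    Object.prototype.hasOwnProperty.call(kernelMessageHandlers, event.data.method)
  ) {
    // … unchanged: handler call, try/catch and response …
```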
@ -0,0 +1,12 @@
|
||||||
|
import { bytesToHex, hexToBytes } from "@lumeweb/libweb";
|
||||||
|
import {
|
||||||
|
getCommunicationPubKey,
|
||||||
|
setFrontendCommunicationPubkey,
|
||||||
|
} from "../vars.js";
|
||||||
|
import { log } from "../util.js";
|
||||||
|
|
||||||
|
export default function (data: any) {
|
||||||
|
setFrontendCommunicationPubkey(hexToBytes(data));
|
||||||
|
|
||||||
|
return bytesToHex(getCommunicationPubKey());
|
||||||
|
}
|
|
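Review bot: The handler stores whatever `hexToBytes(data)` yields as the frontend public key, with `data` typed `any` and no length check, and it replaces any key stored earlier. An X25519 public key is 32 bytes, so I would type the parameter as `unknown` and reject anything else up front: `if (typeof data !== "string" || data.length !== 64) throw new Error("invalid communication public key");`. Because each call overwrites the previous key, a second sender can re-key the channel after the legitimate exchange; consider refusing a new exchange once a key is set, or tying it to the sender validated in the dispatcher. `log` is imported but not used in this file.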
@ -0,0 +1,26 @@
|
||||||
|
import { secretbox } from "@noble/ciphers/salsa";
|
||||||
|
import { x25519 } from "@noble/curves/ed25519";
|
||||||
|
import {
|
||||||
|
getCommunicationKey,
|
||||||
|
getFrontendCommunicationPubkey,
|
||||||
|
setLoginComplete,
|
||||||
|
} from "../vars.js";
|
||||||
|
import { saveUserKey } from "../storage.js";
|
||||||
|
import { hexToBytes } from "@lumeweb/libweb";
|
||||||
|
|
||||||
|
export default function (data: any) {
|
||||||
|
const box = secretbox(
|
||||||
|
x25519.getSharedSecret(
|
||||||
|
getCommunicationKey(),
|
||||||
|
getFrontendCommunicationPubkey(),
|
||||||
|
),
|
||||||
|
hexToBytes(data.nonce),
|
||||||
|
);
|
||||||
|
const decryptedData = box.open(hexToBytes(data.data));
|
||||||
|
|
||||||
|
setLoginComplete(false);
|
||||||
|
|
||||||
|
saveUserKey(decryptedData);
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
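Review bot: The output of `x25519.getSharedSecret(...)` is passed directly to `secretbox` as the symmetric key; the usual practice is to run the raw shared secret through a KDF, bound to both public keys, before using it for encryption. The nonce comes from the sender and nothing here records it, so a captured `setLoginKey` message could be replayed for as long as the communication keys stay the same. `decryptedData` then goes to `saveUserKey` without a length check, and `data` is `any`; a guard such as `if (typeof data?.nonce !== "string" || typeof data?.data !== "string") throw new Error("malformed setLoginKey payload");` at the top would make malformed input fail clearly. `setLoginComplete(false)` ahead of saving a key may be intentional, but a short comment saying why would help, since `saveUserKey` and `vars.js` are outside this page.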