Verifying service produced challenge

2019-11-26 22:42:57 +02:00 · 2019-11-26 22:42:57 +02:00 · 4d16737b23
commit 4d16737b23
parent 0a17e78fdc
2 changed files with 55 additions and 40 deletions
--- a/lib/commands/add-lock.js
+++ b/lib/commands/add-lock.js
@ -28,7 +28,12 @@ module.exports.handler = (argv) => {
    persistence().LoadDB()
        .then(db => {
            // TODO validate lock definition has all the parameters we need
-            // TODO: Verify challenge comes from a service we know...
+            // TODO: validate serviceExtendedPublicKey
            const verification = cryptoUtil.verifyChallenge(
                registerationMessage.serviceExtendedPublicKey, 
                challenge
                );
            if(verification) {
                return db.ExtendedPublicKey.findOne({
                    where: {
                        xpub: challenge.xpub
@ -41,8 +46,9 @@ module.exports.handler = (argv) => {
                }).then(extendedPublicKey => {
                    if (extendedPublicKey) {
                        const encryptedKey = extendedPublicKey.key.encryptedPrivateKey;
                        const iv = extendedPublicKey.key.iv;
                        const password = "vanished";
-                    const walletXpriv = cryptoUtil.decrypt(encryptedKey, password);
+                        const walletXpriv = cryptoUtil.decrypt(encryptedKey, password, iv);
                        var challengeDerivationPath = `${extendedPublicKey.derivationPath}/${challenge.derivationPath.split("c/")[1]}`;
@ -53,6 +59,7 @@ module.exports.handler = (argv) => {
                        return db.Lock.create({
                            userIdentifier: registerationMessage.userIdentifier,
                            url: registerationMessage.url,
                            serviceExtendedPublicKey: registerationMessage.serviceExtendedPublicKey,
                            signature: signature.toString('hex'),
                            message: challenge.message,
                            extendedPublicKeyId: extendedPublicKey.id
@ -70,6 +77,10 @@ module.exports.handler = (argv) => {
                    }
                })
            } else {
                console.error("Challenge not signed by service");
            }
        })
 }
--- a/lib/core/persistence/models/lock.js
+++ b/lib/core/persistence/models/lock.js
@ -16,6 +16,10 @@ module.exports = function (sequelize, DataTypes, options) {
            type: DataTypes.STRING,
            allowNull: false
        },
        serviceExtendedPublicKey: {
            type: DataTypes.STRING,
            allowNull: false
        },
        signature: {
            // Derivation from the master key...
            // TODO: Add validation...