From f7a90ad1ad1c55fba46a2ea4e211aee62b0488e7 Mon Sep 17 00:00:00 2001
From: Neeraj Gupta <254676+ua741@users.noreply.github.com>
Date: Thu, 7 Sep 2023 21:53:14 +0530
Subject: [PATCH] Add basic API to perform SRP login

---
 internal/api/client.go | 5 +++++
 internal/api/login_type.go | 22 +++++++++-------------
 internal/crypto/crypto.go | 3 +++
 3 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/internal/api/client.go b/internal/api/client.go
index f24ba4ae9..9163e66bd 100644
--- a/internal/api/client.go
+++ b/internal/api/client.go
@@ -1,6 +1,7 @@
 package api

 import (
+ "context"
 "errors"

 "github.com/go-resty/resty/v2"
@@ -20,6 +21,10 @@ func NewClient() *Client {
 }
 }

+func authReq(ctx context.Context, fn func(*resty.Request) (*resty.Response, error)) (*resty.Response, error) {
+ return fn(ctx.Value("auth").(*resty.Request))
+}
+
 // Error type for resty.Error{}
 type Error struct{}

diff --git a/internal/api/login_type.go b/internal/api/login_type.go
index 969d42cc9..dc5003873 100644
--- a/internal/api/login_type.go
+++ b/internal/api/login_type.go
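Review bot: The unchecked assertion `ctx.Value("auth").(*resty.Request)` in authReq panics whenever the context carries no "auth" value or a value of another type, so a caller that forgets to attach the authenticated request crashes the process instead of receiving an error. Use the comma-ok form, `req, ok := ctx.Value("auth").(*resty.Request)` followed by `if !ok || req == nil { return nil, errors.New("api: no authenticated request in context") }`, and then `return fn(req)`; `errors` is already imported in this file. The plain string key can also collide with any other package that stores "auth" in the same context. An unexported key type such as `type authKey struct{}`, shared with the code that sets the value (not visible in this hunk), would keep the credential-bearing request private to this package.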
@@ -20,19 +20,15 @@ type CreateSRPSessionResponse struct {

 // KeyAttributes stores the key related attributes for a user
 type KeyAttributes struct {
- KEKSalt string `json:"kekSalt" binding:"required"`
- KEKHash string `json:"kekHash"`
- EncryptedKey string `json:"encryptedKey" binding:"required"`
- KeyDecryptionNonce string `json:"keyDecryptionNonce" binding:"required"`
- PublicKey string `json:"publicKey" binding:"required"`
- EncryptedSecretKey string `json:"encryptedSecretKey" binding:"required"`
- SecretKeyDecryptionNonce string `json:"secretKeyDecryptionNonce" binding:"required"`
- MemLimit int `json:"memLimit" binding:"required"`
- OpsLimit int `json:"opsLimit" binding:"required"`
- MasterKeyEncryptedWithRecoveryKey string `json:"masterKeyEncryptedWithRecoveryKey"`
- MasterKeyDecryptionNonce string `json:"masterKeyDecryptionNonce"`
- RecoveryKeyEncryptedWithMasterKey string `json:"recoveryKeyEncryptedWithMasterKey"`
- RecoveryKeyDecryptionNonce string `json:"recoveryKeyDecryptionNonce"`
+ KEKSalt string `json:"kekSalt" binding:"required"`
+ KEKHash string `json:"kekHash"`
+ EncryptedKey string `json:"encryptedKey" binding:"required"`
+ KeyDecryptionNonce string `json:"keyDecryptionNonce" binding:"required"`
+ PublicKey string `json:"publicKey" binding:"required"`
+ EncryptedSecretKey string `json:"encryptedSecretKey" binding:"required"`
+ SecretKeyDecryptionNonce string `json:"secretKeyDecryptionNonce" binding:"required"`
+ MemLimit int `json:"memLimit" binding:"required"`
+ OpsLimit int `json:"opsLimit" binding:"required"`
 }

 type AuthorizationResponse struct {
diff --git a/internal/crypto/crypto.go b/internal/crypto/crypto.go
index c11cdd046..84c3b2af4 100644
--- a/internal/crypto/crypto.go
+++ b/internal/crypto/crypto.go
@@ -75,6 +75,9 @@ func decryptChaCha20poly1305(data []byte, key []byte, nonce []byte) ([]byte, err
 return decryptedData[:n], nil
 }

+// DeriveLoginKey derives a login key from the given key encryption key.
+// This loginKey act as user provided password during SRP authentication.
+// Parameters: keyEncKey: This is the keyEncryptionKey that is derived from the user's password.
 func DeriveLoginKey(keyEncKey []byte) []byte {
 mainKey := sodium.MasterKey{Bytes: keyEncKey}
 subKey := mainKey.Derive(loginSubKeyLen, loginSubKeyId, loginSubKeyContext).Bytes
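Review bot: The new doc comment on DeriveLoginKey says the result stands in for the user's password during SRP, but it does not say that the returned bytes are therefore a password-equivalent secret; I would add `// The returned key is password-equivalent: never log or persist it.` The input contract is also left open: the function has no error return, so what happens when keyEncKey has an unexpected length depends on how sodium.MasterKey.Derive reacts, which is not visible here and is worth confirming and stating in the comment. Minor wording: "act" should be "acts", and Go doc comments normally describe parameters in prose rather than on a "Parameters:" line. The function body continues past the end of the hunk.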