diff options
author | Yigit Sever | 2021-04-15 03:50:34 +0300 |
---|---|---|
committer | Yigit Sever | 2021-04-15 03:50:34 +0300 |
commit | dcc2d99140d25c5f163e425fb6ed7246fe88ea54 (patch) | |
tree | 9108ff3aa44622ff0bda4bb82d9b1fb38f168dfe /site/content/register_docs.md | |
parent | be037a6b35056ec8aa8f75e56becd009bc7c01f2 (diff) | |
parent | 412276f8dac075836aaa8fdf636aa068718a2bbf (diff) | |
download | gradecoin-dcc2d99140d25c5f163e425fb6ed7246fe88ea54.tar.gz gradecoin-dcc2d99140d25c5f163e425fb6ed7246fe88ea54.tar.bz2 gradecoin-dcc2d99140d25c5f163e425fb6ed7246fe88ea54.zip |
Merge remote-tracking branch 'origin/template' into template
Diffstat (limited to 'site/content/register_docs.md')
-rw-r--r-- | site/content/register_docs.md | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/site/content/register_docs.md b/site/content/register_docs.md new file mode 100644 index 0000000..45571fb --- /dev/null +++ b/site/content/register_docs.md | |||
@@ -0,0 +1,42 @@ | |||
1 | +++ | ||
2 | title = "Register" | ||
3 | description = "Register Documentation" | ||
4 | weight = 3 | ||
5 | +++ | ||
6 | |||
7 | POST request to /register endpoint | ||
8 | Lets a [`User`] (=student) to authenticate themselves to the system | ||
9 | This `request` can be rejected if the payload is malformed (=not authenticated properly) or if | ||
10 | the [`AuthRequest.user_id`] of the `request` is not in the list of users that can hold a Gradecoin account | ||
11 | |||
12 | # Authentication Process | ||
13 | - Gradecoin's Public Key (`gradecoin_public_key`) is listed on moodle. | ||
14 | - Gradecoin's Private Key (`gradecoin_private_key`) is loaded here | ||
15 | |||
16 | - Student picks a short temporary key (`k_temp`) | ||
17 | - Creates a JSON object (`auth_plaintext`) with their `metu_id` and `public key` in base64 (PEM) format (`S_PK`): | ||
18 | { | ||
19 | student_id: "e12345", | ||
20 | passwd: "15 char secret" | ||
21 | public_key: "---BEGIN PUBLIC KEY..." | ||
22 | } | ||
23 | |||
24 | - Encrypts the serialized string of `auth_plaintext` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `auth_ciphertext` TODO should this be base64'd? | ||
25 | - The temporary key student has picked `k_temp` is encrypted using RSA with OAEP padding scheme | ||
26 | using sha256 with `gradecoin_public_key` (TODO base64? same as above), giving us `key_ciphertext` | ||
27 | - The payload JSON object (`auth_request`) can be JSON serialized now: | ||
28 | { | ||
29 | c: "auth_ciphertext" | ||
30 | key: "key_ciphertext" | ||
31 | } | ||
32 | |||
33 | ## Gradecoin Side | ||
34 | |||
35 | - Upon receiving, we first RSA decrypt with OAEP padding scheme using SHA256 with `gradecoin_private_key` as the key and auth_request.key `key` as the ciphertext, receiving `temp_key` (this is the temporary key chosen by stu | ||
36 | - With `temp_key`, we can AES 128 Cbc Pkcs7 decrypt the `auth_request.c`, giving us | ||
37 | auth_plaintext | ||
38 | - The `auth_plaintext` String can be deserialized to [`AuthRequest`] | ||
39 | - We then verify the payload and calculate the User fingerprint | ||
40 | - Finally, create the new [`User`] object, insert to users HashMap `<fingerprint, User>` | ||
41 | |||
42 | |||