summaryrefslogtreecommitdiffstats
path: root/site/content/register_docs.md
blob: 45571fbddd16ed1b2e20e7e023e1a65689983410 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
+++
title = "Register"
description = "Register Documentation"
weight = 3
+++

POST request to /register endpoint
Lets a [`User`] (=student) to authenticate themselves to the system
This `request` can be rejected if the payload is malformed (=not authenticated properly) or if
the [`AuthRequest.user_id`] of the `request` is not in the list of users that can hold a Gradecoin account

# Authentication Process
- Gradecoin's Public Key (`gradecoin_public_key`) is listed on moodle.
- Gradecoin's Private Key (`gradecoin_private_key`) is loaded here

- Student picks a short temporary key (`k_temp`)
- Creates a JSON object (`auth_plaintext`) with their `metu_id` and `public key` in base64 (PEM) format (`S_PK`):
{
    student_id: "e12345",
    passwd: "15 char secret"
    public_key: "---BEGIN PUBLIC KEY..."
}

- Encrypts the serialized string of `auth_plaintext` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `auth_ciphertext` TODO should this be base64'd?
- The temporary key student has picked `k_temp` is encrypted using RSA with OAEP padding scheme
using sha256 with `gradecoin_public_key` (TODO base64? same as above), giving us `key_ciphertext`
- The payload JSON object (`auth_request`) can be JSON serialized now:
{
    c: "auth_ciphertext"
    key: "key_ciphertext"
}

## Gradecoin Side

- Upon receiving, we first RSA decrypt with OAEP padding scheme using SHA256 with `gradecoin_private_key` as the key and auth_request.key `key` as the ciphertext, receiving `temp_key` (this is the temporary key chosen by stu
- With `temp_key`, we can AES 128 Cbc Pkcs7 decrypt the `auth_request.c`, giving us
auth_plaintext
- The `auth_plaintext` String can be deserialized to [`AuthRequest`]
- We then verify the payload and calculate the User fingerprint
- Finally, create the new [`User`] object, insert to users HashMap `<fingerprint, User>`