1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
|
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Register | </title>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<style>
:root {
/* Primary theme color */
--primary-color: #F8D12F;
/* Primary theme text color */
--primary-text-color: #1E2329;
/* Primary theme link color */
--primary-link-color: #2F57F7;
/* Secondary color: the background body color */
--secondary-color: #FAFAFA;
--secondary-text-color: #303030;
/* Highlight text color of table of content */
--toc-highlight-text-color: #d46e13;
}
</style>
<link href="https://fonts.googleapis.com/css?family=Alfa+Slab+One&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css?family=Fira+Sans:400,500,600&display=swap" rel="stylesheet">
<link rel="stylesheet" href="/normalize.css">
<link rel="stylesheet" href="http://localhost:8080/juice.css">
</head>
<body>
<header class="box-shadow">
<a href="http://localhost:8080/">
<div class="logo">
<img src="http://localhost:8080/gradecoin.png" alt="logo">
Gradecoin
</div>
</a>
<nav>
<a class="nav-item subtitle-text" href="http://localhost:8080/block-docs/">Blocks</a>
<a class="nav-item subtitle-text" href="http://localhost:8080/transaction-docs/">Transactions</a>
<a class="nav-item subtitle-text" href="http://localhost:8080/register-docs/">Register</a>
<a class="nav-item subtitle-text" href="http://localhost:8080/jwt/">JWT</a>
<a class="nav-item subtitle-text" href="https://github.com/zhuowei/nft_ptr#why">why?</a>
</nav>
</header>
<main>
<div class="toc">
<div class="toc-sticky">
<div class="toc-item">
<a class="subtext" href="http://localhost:8080/register-docs/#authentication-process">Authentication Process</a>
</div>
<div class="toc-item-child">
<a class="subtext" href="http://localhost:8080/register-docs/#gradecoin-side"><small>- Gradecoin Side</small></a>
</div>
</div>
</div>
<div class="content text">
<div class="heading-text">Register Documentation</div>
<p>POST request to /register endpoint
Lets a [<code>User</code>] (=student) to authenticate themselves to the system
This <code>request</code> can be rejected if the payload is malformed (=not authenticated properly) or if
the [<code>AuthRequest.user_id</code>] of the <code>request</code> is not in the list of users that can hold a Gradecoin account</p>
<h1 id="authentication-process">Authentication Process</h1>
<ul>
<li>
<p>Gradecoin's Public Key (<code>gradecoin_public_key</code>) is listed on moodle.</p>
</li>
<li>
<p>Gradecoin's Private Key (<code>gradecoin_private_key</code>) is loaded here</p>
</li>
<li>
<p>Student picks a short temporary key (<code>k_temp</code>)</p>
</li>
<li>
<p>Creates a JSON object (<code>auth_plaintext</code>) with their <code>metu_id</code> and <code>public key</code> in base64 (PEM) format (<code>S_PK</code>):
{
student_id: "e12345",
passwd: "15 char secret"
public_key: "---BEGIN PUBLIC KEY..."
}</p>
</li>
<li>
<p>Encrypts the serialized string of <code>auth_plaintext</code> with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (<code>k_temp</code>), the result is <code>auth_ciphertext</code> TODO should this be base64'd?</p>
</li>
<li>
<p>The temporary key student has picked <code>k_temp</code> is encrypted using RSA with OAEP padding scheme
using sha256 with <code>gradecoin_public_key</code> (TODO base64? same as above), giving us <code>key_ciphertext</code></p>
</li>
<li>
<p>The payload JSON object (<code>auth_request</code>) can be JSON serialized now:
{
c: "auth_ciphertext"
key: "key_ciphertext"
}</p>
</li>
</ul>
<h2 id="gradecoin-side">Gradecoin Side</h2>
<ul>
<li>Upon receiving, we first RSA decrypt with OAEP padding scheme using SHA256 with <code>gradecoin_private_key</code> as the key and auth_request.key <code>key</code> as the ciphertext, receiving <code>temp_key</code> (this is the temporary key chosen by stu</li>
<li>With <code>temp_key</code>, we can AES 128 Cbc Pkcs7 decrypt the <code>auth_request.c</code>, giving us
auth_plaintext</li>
<li>The <code>auth_plaintext</code> String can be deserialized to [<code>AuthRequest</code>]</li>
<li>We then verify the payload and calculate the User fingerprint</li>
<li>Finally, create the new [<code>User</code>] object, insert to users HashMap <code><fingerprint, User></code></li>
</ul>
</div>
</main>
<footer>
Built For ⁂ CENG489 ⁂ Introduction to Computer Security
</footer>
</body>
<script>
function highlightNav(heading) {
let pathname = location.pathname;
document.querySelectorAll(".toc a").forEach((item) => {
item.classList.remove("active");
});
document.querySelector(".toc a[href$='" + pathname + "#" + heading + "']").classList.add("active");
}
let currentHeading = "";
window.onscroll = function () {
let h = document.querySelectorAll("h1,h2,h3,h4,h5,h6");
let elementArr = [];
h.forEach(item => {
if (item.id !== "") {
elementArr[item.id] = item.getBoundingClientRect().top;
}
});
elementArr.sort();
for (let key in elementArr) {
if (!elementArr.hasOwnProperty(key)) {
continue;
}
if (elementArr[key] > 0 && elementArr[key] < 300) {
if (currentHeading !== key) {
highlightNav(key);
currentHeading = key;
}
break;
}
}
}
</script>
</html>
|