Add PSK support to thaliWifiInfrastructure and thaliMobileNativeWrapper #664

Open
yaronyg opened this Issue Mar 23, 2016 · 1 comment

yaronyg commented Mar 23, 2016

We need to enable the express servers hosted by thaliMobileNativeWrapper and thaliWifiInfrastructure to accept connections over HTTPS using PSK. Shawn has an example of how this is done over here, but the basic idea is that when we call createServer we need to use https, not http, and we need to pass in options next to our router. We should just need:

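{
    ciphers: 'PSK-AES256-CBC-SHA',
    // id is the PSK identity submitted by the connecting client
    pskCallback: function (id) {
        debug('inside the callback for identity: %s', id);
        debug('identity %s', id);
        // Note: this writes the secret key to the debug log
        debug('key %s', JSON.stringify(pskey));
        if (id === identity) {
            debug('identity passed');
            return pskey;
        }
        // Unknown identity: no key, so the caller is not validated
        return null;
    }
}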

Where the id in the pskCallback is the identity value submitted by the client and the callback then returns either the pskey that is supposed to be used to validate that caller or null if the caller isn't to be validated at all. That id will be fed into the dictionary returned by thaliNotificationBeacons.generatePskSecrets. If there is a match then we will return the right key. Note, however, that in addition to the output of generatePskSecrets we also need to hard code in the pre-generated beacon secrets. But that is handled above us.

We don't want to put all this logic in either thaliMobileNativeWrapper or thaliWifiInfrastructure. Instead, what we want to do is to require that both functions in their start methods take an argument like the addressBookCallback where they will call that submitted function when they get a PSK connection.

  • Add test to wifiInfrastructure that we try to connect with normal HTTP and we try to connect with HTTPS and make sure they all fail
  • Update desktop JXcore version to PSK release
  • Add pskCallbackDictionary argument to thaliMobileNativeWrapper
  • Change thaliMobileNativeWrapper to HTTPS and use pskCallback with pskCallbackDictionary
  • Update thaliMobileNativeWrapper tests to use PSK
  • Fix tests where we fail PSK connection and add tests where we try to connect with normal TLS and not PSK
      • testThaliMobileNativeWrapper there is a test 'will fail bad PSK connection between peers'
  • Add pskCallbackDictionary argument to thaliWifiInfrastructure
  • Change thaliWifiInfrastructure to HTTPS and use pskCallback with pskCallbackDictionary
  • Update thaliWifiInfrastructure tests to use PSK
  • Implement thaliNotificationBeacons.generatePskSecrets
  • Test thaliNotificationBeacons.generatePskSecrets
  • Test generateBeaconStreamAndSecrets
  • Define in thaliConfig the standard public key, PSK ID and PSK value for beacon requests
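
The identity lookup described in the issue above, as an added example that is not part of the issue or of the Thali code base: a factory that builds a pskCallback from an identity-to-key dictionary plus one fixed beacon identity. The names makePskCallback, sampleBeaconId and the sample keys are hypothetical, and the dictionary shape (identity string mapped to a key Buffer) is an assumption about what generatePskSecrets returns.

```javascript
// Added example, not Thali code. makePskCallback and every sample value are
// hypothetical; the dictionary shape (identity -> key Buffer) is an assumption
// about the output of thaliNotificationBeacons.generatePskSecrets.
function makePskCallback(pskSecrets, beaconId, beaconKey) {
  // Copy own keys into a Map so that a client-supplied identity such as
  // "__proto__" or "constructor" can never resolve to an inherited
  // Object.prototype member and be handed back as if it were a key.
  const table = new Map();
  Object.keys(pskSecrets).forEach(function (id) {
    table.set(id, pskSecrets[id]);
  });
  // The fixed beacon identity must not shadow a per-peer identity.
  if (table.has(beaconId)) {
    throw new Error('beacon identity collides with a per-peer identity');
  }
  table.set(beaconId, beaconKey);

  return function pskCallback(id) {
    // The identity arrives from a client that is not yet authenticated:
    // accept strings only and return null for anything not in the table.
    if (typeof id !== 'string' || !table.has(id)) {
      return null;
    }
    // The key is returned to the TLS layer and never written to a log.
    return table.get(id);
  };
}

// Constructed sample data (not real secrets).
const samplePskSecrets = {
  'peer-identity-1': Buffer.from('00112233445566778899aabbccddeeff', 'hex'),
  'peer-identity-2': Buffer.from('ffeeddccbbaa99887766554433221100', 'hex')
};
const sampleBeaconId = 'beacons';
const sampleBeaconKey = Buffer.from('0123456789abcdef0123456789abcdef', 'hex');

const samplePskCallback =
  makePskCallback(samplePskSecrets, sampleBeaconId, sampleBeaconKey);
```

The returned function has the same shape as the pskCallback in the options object above, so it can be placed in that slot unchanged.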

@yaronyg yaronyg self-assigned this Mar 23, 2016

@yaronyg yaronyg added this to the New Infra milestone Mar 23, 2016

@yaronyg yaronyg added 0 - Icebox and removed 0 - Icebox labels Mar 23, 2016

@yaronyg yaronyg added 2 - Ready and removed 3 - Working labels Mar 25, 2016

@yaronyg yaronyg added 3 - Working and removed 2 - Ready labels Apr 1, 2016

@yaronyg yaronyg removed this from the New Infra milestone Apr 6, 2016

@yaronyg yaronyg removed their assignment Apr 6, 2016

@yaronyg yaronyg added bug Security 0 - Icebox and removed 2 - Ready labels Apr 6, 2016

yaronyg commented Jul 11, 2016

See also #723

@yaronyg yaronyg added this to the V1 milestone Aug 3, 2016

@yaronyg yaronyg added 1 - Backlog and removed 0 - Icebox labels Aug 4, 2016
