* Constant time password DK compare

* Minor View update
* Test module. Start work on module switching functionality. NYW!
This commit is contained in:
Bryan Ashby 2014-11-03 22:53:01 -07:00
parent 1264cdde01
commit eaf2aae48d
4 changed files with 73 additions and 21 deletions

View File

@ -82,4 +82,6 @@ TextView.prototype.setText = function(text) {
if(!this.multiLine && !this.dimens.width) {
this.dimens.width = this.text.length;
}
this.redraw();
};

View File

@ -305,7 +305,23 @@ function authenticate(userName, password, client, cb) {
if(err) {
cb(false);
} else {
cb(passDk === propsDk);
//
// Use constant time comparison here for security feel-goods
//
var passDkBuf = new Buffer(passDk, 'hex');
var propsDkBuf = new Buffer(propsDk, 'hex');
if(passDkBuf.length !== propsDkBuf.length) {
cb(false);
return;
}
var c = 0;
for(var i = 0; i < passDkBuf.length; i++) {
c |= passDkBuf[i] ^ propsDkBuf[i];
}
cb(0 === c);
}
}
);

View File

@ -1,11 +1,11 @@
/* jslint node: true */
'use strict';
//var art = require('../core/art.js');
var ansi = require('../core/ansi_term.js');
var art = require('../core/art.js');
var user = require('../core/user.js');
var theme = require('../core/theme.js');
var modules = require('../core/modules.js');
//var view = require('../core/view.js');
var textView = require('../core/text_view.js');
@ -29,7 +29,7 @@ function entryPoint(client) {
//art.getArt('SO-CC1.ANS'/* 'MATRIX'*/, { types: ['.ans'], random: true}, function onArt(err, theArt) {
//client.user.properties.art_theme_id = '';
theme.getThemeArt('MCI_FORM1.ANS', client.user.properties.art_theme_id, function onArt(err, theArt) {
theme.getThemeArt('MATRIX_1.ANS', client.user.properties.art_theme_id, function onArt(err, theArt) {
//art.getArt('MATRIX_1.ANS', {}, function onArt(err, theArt) {
if(!err) {
@ -43,34 +43,22 @@ function entryPoint(client) {
console.log(isValid);
});
user.createNew({
userName : 'NuSkooler',
password : 'password',
//properties : {
// pw_pbkdf2_salt : '81b45dc699c716ac1913039138b64e3057844128cf1f9291c6475d26dab3d4a5',
// pw_pbkdf2_dk : '14856dc5d6d277e29c5bb2ca4511695203fc48260128d2a4a611be4eefa1acfa80f8656e80d3361baa3a10ce5918829e9e3a4197b0c552978b6546d2b885d93e933a1270a5e4a81af06818d1fa9f7df830bc46f6f5870f46be818a05114f77b5605477c09e987dc4faf2a939c6869dcf2a28652d5607e5cca2e987ea2003ab4e',
//}
}, function onCreated(err, id) {
if(err) {
console.log(err);
} else {
console.log('new user created: ' + id);
}
});
var vc = new viewController.ViewController(client);
vc.on('submit', function onSubmit(formData) {
console.log(formData);
vc.detachClientEvents();
modules.goto('test_module1', client);
});
vc.loadFromMCIMap(mci);
//vc.getView(3).setText('New');
//vc.getView(4).setText('Login');
vc.setViewOrder();
//vc.getView(1).submit = true;
//vc.getView(1).setItems(['System Login', 'Apply', 'GTFO!']);
vc.getView(2).submit = true;
vc.getView(3).setText('Apply');
//vc.getView(1).setItems(['System Login', 'Apply', 'GTFO!']);
//vc.getView(2).submit = true;
//vc.getView(3).setText('Apply');
vc.switchFocus(1);
});
}

46
mods/test_module1.js Normal file
View File

@ -0,0 +1,46 @@
/* jslint node: true */
'use strict';
var ansi = require('../core/ansi_term.js');
var theme = require('../core/theme.js');
var viewController = require('../core/view_controller.js');
var art = require('../core/art.js');
var async = require('async');
exports.moduleInfo = {
name : 'Test Module 2',
desc : 'A Test Module',
author : 'NuSkooler',
};
exports.entryPoint = entryPoint;
function entryPoint(client) {
var term = client.term;
term.write(ansi.resetScreen());
async.waterfall(
[
function getArt(callback) {
theme.getThemeArt('MCI_VM1.ANS', client.user.properties.art_theme_id, function onArt(err, theArt) {
callback(err, theArt);
});
},
function displayArt(theArt, callback) {
art.display(theArt, { client : client, mciReplaceChar : ' ' }, function onDisplayed(err, mci) {
callback(err, mci);
});
},
function artDisplayed(mci, callback) {
var vc = new viewController.ViewController(client);
vc.loadFromMCIMap(mci);
vc.setViewOrder();
vc.switchFocus(1);
}
],
function onComplete(err) {
console.log(err);
}
);
}