fix serverKey size. remove deviceKey autocreation if existing key doe…

…sn't match handshake provided key.
Brewskey · Aug 17, 2017 · 2e1dde3 · 2e1dde3
1 parent b5ede6d
commit 2e1dde3
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 44 deletions.
diff --git a/dist/lib/CryptoManager.js b/dist/lib/CryptoManager.js
@@ -71,7 +71,7 @@ var CryptoManager = (_temp = _class = function CryptoManager(deviceKeyRepository
       while (1) {
         switch (_context.prev = _context.next) {
           case 0:
-            privateKey = new _nodeRsa2.default({ b: 1024 });
+            privateKey = new _nodeRsa2.default({ b: 2048 });
             _context.next = 3;
             return _this._serverKeyRepository.createKeys(privateKey.exportKey('pkcs1-private-pem'), privateKey.exportKey('pkcs8-public-pem'));
 

diff --git a/dist/lib/Handshake.js b/dist/lib/Handshake.js
@@ -32,12 +32,28 @@ var _logger = require('../lib/logger');
 
 var _logger2 = _interopRequireDefault(_logger);
 
-var _nullthrows = require('nullthrows');
-
-var _nullthrows2 = _interopRequireDefault(_nullthrows);
-
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 
+/*
+*   Copyright (c) 2015 Particle Industries, Inc.  All rights reserved.
+*
+*   This program is free software; you can redistribute it and/or
+*   modify it under the terms of the GNU Lesser General Public
+*   License as published by the Free Software Foundation, either
+*   version 3 of the License, or (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+*   Lesser General Public License for more details.
+*
+*   You should have received a copy of the GNU Lesser General Public
+*   License along with this program; if not, see <http://www.gnu.org/licenses/>.
+*
+* 
+*
+*/
+
 var logger = _logger2.default.createModuleLogger(module);
 /*
  Handshake protocol v1
@@ -97,26 +113,6 @@ var logger = _logger2.default.createModuleLogger(module);
  After the max uint32, the next message should set the counter to zero.
 */
 
-/*
-*   Copyright (c) 2015 Particle Industries, Inc.  All rights reserved.
-*
-*   This program is free software; you can redistribute it and/or
-*   modify it under the terms of the GNU Lesser General Public
-*   License as published by the Free Software Foundation, either
-*   version 3 of the License, or (at your option) any later version.
-*
-*   This program is distributed in the hope that it will be useful,
-*   but WITHOUT ANY WARRANTY; without even the implied warranty of
-*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-*   Lesser General Public License for more details.
-*
-*   You should have received a copy of the GNU Lesser General Public
-*   License along with this program; if not, see <http://www.gnu.org/licenses/>.
-*
-* 
-*
-*/
-
 var NONCE_BYTES = 40;
 var ID_BYTES = 12;
 var SESSION_BYTES = 40;
@@ -381,22 +377,16 @@ var Handshake = function Handshake(cryptoManager) {
 
             case 5:
               if (publicKey.equals(deviceProvidedPem)) {
-                _context5.next = 10;
+                _context5.next = 7;
                 break;
               }
 
-              logger.error('TODO: KEY PASSED TO DEVICE DURING HANDSHAKE DOESNT MATCH SAVED PUBLIC KEY');
-
-              _context5.next = 9;
-              return _this._cryptoManager.createDevicePublicKey(deviceID, (0, _nullthrows2.default)(deviceProvidedPem));
+              throw new Error('key passed to device during handshake doesn\'t' + ('match saved public key: ' + deviceID));
 
-            case 9:
-              return _context5.abrupt('return', _context5.sent);
-
-            case 10:
+            case 7:
               return _context5.abrupt('return', publicKey);
 
-            case 11:
+            case 8:
             case 'end':
               return _context5.stop();
           }

diff --git a/src/lib/CryptoManager.js b/src/lib/CryptoManager.js
@@ -51,7 +51,7 @@ class CryptoManager {
   };
 
   _createServerKeys = async (): Promise<NodeRSA> => {
-    const privateKey = new NodeRSA({ b: 1024 });
+    const privateKey = new NodeRSA({ b: 2048 });
 
     await this._serverKeyRepository.createKeys(
       privateKey.exportKey('pkcs1-private-pem'),

diff --git a/src/lib/Handshake.js b/src/lib/Handshake.js
@@ -27,7 +27,6 @@ import type CryptoManager from './CryptoManager';
 
 import ChunkingStream from './ChunkingStream';
 import Logger from '../lib/logger';
-import nullthrows from 'nullthrows';
 const logger = Logger.createModuleLogger(module);
 /*
  Handshake protocol v1
@@ -311,13 +310,9 @@ class Handshake {
     }
 
     if (!publicKey.equals(deviceProvidedPem)) {
-      logger.error(
-        'TODO: KEY PASSED TO DEVICE DURING HANDSHAKE DOESNT MATCH SAVED PUBLIC KEY',
-      );
-
-      return await this._cryptoManager.createDevicePublicKey(
-        deviceID,
-        nullthrows(deviceProvidedPem),
+      throw new Error(
+        "key passed to device during handshake doesn't" +
+          `match saved public key: ${deviceID}`,
       );
     }