/zenflows-crypto

Crypto functions for Zenflows in Zencode language

Primary LanguageShellGNU Affero General Public License v3.0AGPL-3.0

Zencode crypto in Zenflows

crypto tests

Zenflows logo

Zenflows is a tool to leverage commons-based peer production by documenting and monitoring the life cycle of products. The goal is that of enabling a federated network of organizations to bundle, systematize and share data, information and knowledge about physical artifacts.

This repository contains the cryptographic functions used in Zenflows.

software by Dyne.org

Repository organization

Zencode is executed by the Zenroom VM running inside a crypto-provider micro-service locally reachable by Zenflows.

The language documentation is found on dev.zenroom.org.

The src directory contains scripts called by the running Zenflows instance.

The test directory contains unit tests (single scripts tested in local) and integration tests (shell scripts that call zenflows staging instances to test its api).

Sequence diagrams

Below are detailed the most complex crypto exchanges taking place in Zenflows.

Login creation

sequenceDiagram
autonumber
  participant U as 🤓User
  participant C as 📱Client
  participant S as Server

  S->>S: Configured with secret salt 
  C->>U: Greets, asks email, name and challenges 
  U->>C: Answers email, name
  C->>+S: Sends name and email to server (ASAP)
  S->>S: Verifies email is not a duplicate
  S->>S: Compute HMAC of email with secret salt
  S->>-C: Sends HMAC (ASAP)
  U->>C: User provides answers to challenges
  C->>C: Generate SEED with PBKDF of HASH(answers) with HMAC
  C->>S: (Optional) Generate KDF dictionary of individual answers
  C->>C: Generate public keys from SEED
  C->>S: Sends public keys

Zencode

Notes

  • 1: Secret salt is generated at server install and saved as an HEX string in its configuration
  • 2: Interactive GUI poses all questions in one page: email, name and 5 challenges
  • 4: As soon as User answers name and email, reactive page sends them to server (ASAP)
  • 7: As soon as Client receives HMAC the Submit button is green
  • 8: May happen in parallel while Client and Server are handshaking the HMAC (ASAP)
  • 9: May need User confirmation that the answers given to challenges are OK
  • 10: Useful to facilitate seed recovery: the server can check validity of single answers
  • 12: Start with EDDSA public keys, seed is reused for more key types when needed

💼 License

Zenflows crypto

Copyright (c) 2021-2022 Dyne.org foundation, Amsterdam

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.