SEA authentication on node.js errors

[jadbox]

Gun: 0.9.9994
Nodejs v9.11.2

Calling user.create(...) successfully and then calling .auth(....) fails with the console log error "NO! Unverified data". It seems like there's a problem with the signatures in a pure nodejs environment. My tests are running in a node environment as well (not browser).

[amark]

user.create('a', 'b', function(){
  user.auth('a', 'b', cb):
});

?

doing

user.create('a','b').auth('a','b')

Is something I want to support (I know it is possible), but haven't fixed yet.

[jadbox]

@amark
This is what my test looks like. It seems like my error changed to this
{"err": "Auth attempt failed! Reason: Public key does not exist!"

var gun, user;
test('GunStorageProxy is instantiable', done => {
    gun = Gun({ localStorage: true, radisk: false })
    user = gun.user()
    done()
  })

  test('GunStorageProxy register users', async done => {
    user.create('bob', 'test123', err => {
      expect(err).toHaveProperty('ok')
      setTimeout(done, 30)
    })
  })

  test('GunStorageProxy login users', async done => {
    user.auth('bob', 'test123', err => {
      expect(err).toHaveProperty('ok')
      done()
    })
  })

[jadbox]

Rerunning the previous test gives an error for the registering a user with {"err": "User already created!"}...meaning that the user was registered successfully, but I just can't log in as them.

[jadbox]

Hmm, I cleared my local storage and tried the test again... now I'm seeing this error and think it's coming from the create method.

NO! Unverified data. { '~7RWhq0CZqdEm6Q_hJWYFKavnD4xofAt7NBBiAn7Hmuo.EZvBLMsX_MEPIZT0JfhbR_1zQ_POzhT4N01RuqsYRy4': 
       { _: 
          { '#': '~7RWhq0CZqdEm6Q_hJWYFKavnD4xofAt7NBBiAn7Hmuo.EZvBLMsX_MEPIZT0JfhbR_1zQ_POzhT4N01RuqsYRy4',
            '>': [Object] },
         alias: 'SEA{"m":"\\"bob\\"","s":""}',
         pub: '7RWhq0CZqdEm6Q_hJWYFKavnD4xofAt7NBBiAn7Hmuo.EZvBLMsX_MEPIZT0JfhbR_1zQ_POzhT4N01RuqsYRy4',
         epub: 'SEA{"m":"\\"o29_EiQpDgAQnEPcbCikshRuNW0expuN9txQyFEcDfY.FsCtpaLI49sG3T8R6xHRoxf6BqaF6aU9PWVpKy5VWdg\\"","s":""}',
         auth: 'SEA{"m":"{\\"s\\":\\"ZA919TksRJJzGghC5Xm2zJS48vLGRM5QSjLVEREtNvtjjkKNfyTTLknKh4qkrwlJ\\"}","s":""}' } }

[go1dfish]

NO! Unverified data.

I experience this error for what appears to be all SEA data on notabug.io when I load SEA in my nodejs peers.

I've not tried creating users in nodejs

[amark]

@jadbox I'd love to continue this maybe on Tuesday, as a call or something? We made good progress first time around. Else I'm trying to improve RAD because so much of SEA depends upon storage working properly anyways. But I want to prioritize SEA if I can get involvement.

[jadbox]

@amark awesome, just msg on Gitter to set up a time! Excited to hear the drive to get Sea ramped up.

[amark]

@jadbox @go1dfish partial fix for this was released in 0.9.99992 (verifying signatures in NodeJS with SEA).

Signing signatures in NodeJS with SEA needed the same fix verifying required, a successful patch for this test has been made in the UPCOMING 0.9.99993 release. As soon as it is available (or pushed to GitHub), you should be good to go.

This wound up being a problem with anvilresearch/webcrypto#68 .

We have switched to ossl for now (and you'll be required to depend upon it as well).

Going to close, ahead of the release.

++ @jadbox how are things going??? We now have the Internet Archive (Wayback Machine parent) decentralized on us (they are #265 most popular website in the world! https://news.ycombinator.com/item?id=17685682 ) :D :D :D

[go1dfish]

Attempting to login in nodejs I consistently get:

Auth attempt failed! Reason: Failed to decrypt secret! 0/1

I've tried multiple accounts that all work in the browser.

var Gun = require("gun");
require("gun/sea");
gun = Gun("https://notabug.io/gun");
gun.user().auth("testuser2", "password", console.log)

Consistently I get:

> Auth attempt failed!
{ err: 'Auth attempt failed! Reason: Failed to decrypt secret! 0/1' }

[amark]

@go1dfish there are 3 errors happening.

If you clear your NodeJS storage, you get

1. no user I can confirm, the same issue relating to @mitra42 's nodeJS once behaves different from browser once #586 (comment) observation. How "not found" is dealt with in a NodeJS superpeer... is I'm not sure what is the best. Could you read that issue, and also comment?

2. pub key does not exist is now because we have the alias table cached on storage from running (1) which failed for once but finishes for .on (which happens internally). The item in the table is the pubkeys that correspond to the alias, so then we look up the alias... but same as (1) we get an instant "cannot find data on disk" from local NodeJS superpeer BEFORE we get the network response from other peers with data that is "found".
   This is generally why I don't like promise/once/pull-based logic, it doesn't have a good concept of "locality" when things are distributed underneath. So what is the "right" answer here? Just up timeouts?

3. failed to decrypt 0/1 now the pubkey account data is cached from (2), so we actually can attempt to decrypt. But something very clearly is inconsistent here or handled wrong compared to browser. Will look into more.

[go1dfish]

2. is a more widespread, harder issue and should be given its own issue. This sounds like something that can be fairly easily worked around in the meantime. I have some thoughts on how to approach this but I'd say this is lower priority and more difficult to solve most likely.

If you stick with promises, you probably want a way to fail or succeed in a way that indicates you've confirmed no local data, and provide the option to wait for remote data.

That seems to be the only sane approach for promises here (as opposed to on), in the case you want to wait for remote data you probably need an easy way to timeout as well has been my experience

[Dletta]

@amark Ahh, that makes sense now. In my mind I always thought and am now proven wrong, that since we pass the callback through, even if the ack comes back with 0, if data is received later the callback will be called with the data now provided. But now I realize the timeout actually removes the hook again, instead of keeping it in. (Which makes sense, since you might end up getting data from all the different peers and would keep doing your logic over and over again, for no reason...) But .on seems to work in that manner, where you might receive multiple acks from storage and from other peers, or is it the same way?

[amark]

Thanks @go1dfish , good thoughts.

@mhelander yeah: With @trust/webcrypto this:

Error: Unsupported state or unable to authenticate data
    at Decipheriv.final (crypto.js:183:26)
    at AES_GCM.decrypt (/Users/mark/Dropbox/Public/gun/gun/node_modules/@trust/webcrypto/src/algorithms/AES-GCM.js:194:53)
    at Promise (/Users/mark/Dropbox/Public/gun/gun/node_modules/@trust/webcrypto/src/SubtleCrypto.js:81:43)
    at new Promise (<anonymous>)
    at SubtleCrypto.decrypt (/Users/mark/Dropbox/Public/gun/gun/node_modules/@trust/webcrypto/src/SubtleCrypto.js:72:12)
    at aeskey.then (/Users/mark/Dropbox/Public/gun/gun/sea.js:534:53)
    at <anonymous>

and with ossl this:

 undefined TypeError: Cannot read property 'decryptGcm' of undefined
    at EncryptDecrypt.Promise (/Users/mark/Dropbox/Public/gun/gun/node_modules/node-webcrypto-ossl/buildjs/crypto/aes.js:121:35)
    at new Promise (<anonymous>)
    at Function.EncryptDecrypt (/Users/mark/Dropbox/Public/gun/gun/node_modules/node-webcrypto-ossl/buildjs/crypto/aes.js:102:16)
    at Function.decrypt (/Users/mark/Dropbox/Public/gun/gun/node_modules/node-webcrypto-ossl/buildjs/crypto/aes.js:98:25)
    at decrypt.apply.then (/Users/mark/Dropbox/Public/gun/gun/node_modules/node-webcrypto-ossl/buildjs/subtle.js:187:29)
    at <anonymous>

@mhelander ^

[amark]

@go1dfish @Dletta @jadbox this is now fixed, was issue with PBKDF2 differences. This thread is now closed out for good. Any new issues... please start a new thread.