On branch profile-password
Changes to be committed: modified: app/app.go Added password parameters to app.go functions modified: app/cli/main.go Added password prompts to collect the password from user input Modified Load and New conditions modified: peer/cwtch_peer.go Created CreateKey, DecryptProfile, and EncryptProfile functions Implemented these functions in the functions CwtchNewProfile CwtchLoadProfile Save
This commit is contained in:
parent
3215478757
commit
13b5d17214
|
@ -12,8 +12,8 @@ type Application struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewProfile creates a new cwtchPeer with a given name.
|
// NewProfile creates a new cwtchPeer with a given name.
|
||||||
func (app *Application) NewProfile(name string, filename string) error {
|
func (app *Application) NewProfile(name string, filename string, password string) error {
|
||||||
profile := peer.NewCwtchPeer(name)
|
profile := peer.NewCwtchPeer(name, password)
|
||||||
app.Peer = profile
|
app.Peer = profile
|
||||||
err := profile.Save(filename)
|
err := profile.Save(filename)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
|
@ -35,7 +35,10 @@ func (app *Application) NewProfile(name string, filename string) error {
|
||||||
|
|
||||||
// SetProfile loads an existing profile from the given filename.
|
// SetProfile loads an existing profile from the given filename.
|
||||||
func (app *Application) SetProfile(filename string) error {
|
func (app *Application) SetProfile(filename string) error {
|
||||||
profile, err := peer.LoadCwtchPeer(filename)
|
profile, err := peer.LoadCwtchPeer(filename, password)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
app.Peer = profile
|
app.Peer = profile
|
||||||
if err == nil {
|
if err == nil {
|
||||||
|
|
||||||
|
|
|
@ -180,22 +180,49 @@ func main() {
|
||||||
quit = true
|
quit = true
|
||||||
case "new-profile":
|
case "new-profile":
|
||||||
if len(commands) == 3 {
|
if len(commands) == 3 {
|
||||||
err := app.NewProfile(commands[1], commands[2])
|
fmt.Print("** WARNING: PASSWORDS CANNOT BE RECOVERED! **\n")
|
||||||
|
|
||||||
|
password := ""
|
||||||
|
failcount := 0;
|
||||||
|
for ; failcount < 3; failcount++ {
|
||||||
|
fmt.Print("Enter a password to encrypt the profile: ")
|
||||||
|
bytePassword, _ := terminal.ReadPassword(int(syscall.Stdin))
|
||||||
|
if string(bytePassword) == "" {
|
||||||
|
fmt.Print("\nBlank password not allowed.")
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
fmt.Print("\nRe-enter password: ")
|
||||||
|
bytePassword2, _ := terminal.ReadPassword(int(syscall.Stdin))
|
||||||
|
if(bytes.Equal(bytePassword, bytePassword2)){
|
||||||
|
password = string(bytePassword)
|
||||||
|
break
|
||||||
|
}else{
|
||||||
|
fmt.Print("\nPASSWORDS DIDN'T MATCH! Try again.\n")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if(failcount >= 3){
|
||||||
|
fmt.Printf("Error creating profile for %v: Your password entries must match!\n", commands[1])
|
||||||
|
}else{
|
||||||
|
err := app.NewProfile(commands[1], commands[2], password)
|
||||||
profilefile = commands[2]
|
profilefile = commands[2]
|
||||||
if err == nil {
|
if err == nil {
|
||||||
fmt.Printf("New profile created for %v\n", commands[1])
|
fmt.Printf("\nNew profile created for %v\n", commands[1])
|
||||||
} else {
|
} else {
|
||||||
fmt.Printf("Error creating profile for %v: %v\n", commands[1], err)
|
fmt.Printf("\nError creating profile for %v: %v\n", commands[1], err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
fmt.Printf("Error creating NewProfile, usage: %s\n", usages["new-profile"])
|
fmt.Printf("Error creating NewProfile, usage: %s\n", usages["new-profile"])
|
||||||
}
|
}
|
||||||
case "load-profile":
|
case "load-profile":
|
||||||
if len(commands) == 2 {
|
if len(commands) == 2 {
|
||||||
err := app.SetProfile(commands[1])
|
fmt.Print("Enter a password to decrypt the profile: ")
|
||||||
profilefile = commands[1]
|
bytePassword, err := terminal.ReadPassword(int(syscall.Stdin))
|
||||||
|
err = app.SetProfile(commands[1], string(bytePassword))
|
||||||
if err == nil {
|
if err == nil {
|
||||||
fmt.Printf("Loaded profile for %v\n", commands[1])
|
fmt.Printf("\nLoaded profile for %v\n", commands[1])
|
||||||
|
profilefile = commands[1]
|
||||||
} else {
|
} else {
|
||||||
fmt.Printf("Error loading profile for %v: %v\n", commands[1], err)
|
fmt.Printf("Error loading profile for %v: %v\n", commands[1], err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -65,6 +65,57 @@ type CwtchPeerInterface interface {
|
||||||
Shutdown()
|
Shutdown()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CreateHash hashes the user's password to a length suitable for file encryption
|
||||||
|
func CreateKey(key string) ([32]byte, [128]byte) {
|
||||||
|
var salt [128]byte
|
||||||
|
if _, err := io.ReadFull(rand.Reader, salt[:]);
|
||||||
|
err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
dk := pbkdf2.Key([]byte(key), salt[:], 4096, 32, sha3.New512)
|
||||||
|
|
||||||
|
var dkr [32]byte
|
||||||
|
copy(dkr[:], dk)
|
||||||
|
return dkr, salt
|
||||||
|
}
|
||||||
|
|
||||||
|
//EncryptMessage takes a message and encrypts the message under the group key.
|
||||||
|
func EncryptProfile(p *CwtchPeer, password [32]byte) []byte {
|
||||||
|
var nonce [24]byte
|
||||||
|
if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
//copy Peer struct, then remove password and save the copy
|
||||||
|
cpc := &CwtchPeer{}
|
||||||
|
deepcopier.Copy(p).To(cpc)
|
||||||
|
var blankpass [32]byte
|
||||||
|
var blanksalt [128]byte
|
||||||
|
cpc.password = blankpass
|
||||||
|
cpc.salt = blanksalt
|
||||||
|
bytes, _ := json.Marshal(cpc)
|
||||||
|
|
||||||
|
encrypted := secretbox.Seal(nonce[:], []byte(bytes), &nonce, &password)
|
||||||
|
return encrypted
|
||||||
|
}
|
||||||
|
|
||||||
|
//EncryptMessage takes a message and encrypts the message under the group key.
|
||||||
|
func DecryptProfile(ciphertext []byte, password [32]byte) (error, *CwtchPeer){
|
||||||
|
|
||||||
|
var decryptNonce [24]byte
|
||||||
|
copy(decryptNonce[:], ciphertext[:24])
|
||||||
|
decrypted, ok := secretbox.Open(nil, ciphertext[24:], &decryptNonce, &password)
|
||||||
|
if ok {
|
||||||
|
cp := &CwtchPeer{}
|
||||||
|
err := json.Unmarshal(decrypted, &cp)
|
||||||
|
if err == nil {
|
||||||
|
return nil, cp
|
||||||
|
} else {
|
||||||
|
return err, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return fmt.Errorf("Failed to decrypt"), nil
|
||||||
|
}
|
||||||
|
|
||||||
func (cp *cwtchPeer) setup() {
|
func (cp *cwtchPeer) setup() {
|
||||||
cp.Log = make(chan string)
|
cp.Log = make(chan string)
|
||||||
cp.connectionsManager = connections.NewConnectionsManager()
|
cp.connectionsManager = connections.NewConnectionsManager()
|
||||||
|
@ -85,32 +136,48 @@ func (cp *cwtchPeer) setup() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewCwtchPeer creates and returns a new cwtchPeer with the given name.
|
// NewCwtchPeer creates and returns a new CwtchPeer with the given name.
|
||||||
func NewCwtchPeer(name string) CwtchPeerInterface {
|
func NewCwtchPeer(name string, password string) *CwtchPeer {
|
||||||
cp := new(cwtchPeer)
|
cp := new(CwtchPeer)
|
||||||
cp.Profile = model.GenerateNewProfile(name)
|
cp.Profile = model.GenerateNewProfile(name)
|
||||||
cp.setup()
|
cp.setup()
|
||||||
|
pass, salt := CreateKey(password)
|
||||||
|
cp.password = pass
|
||||||
|
cp.salt = salt
|
||||||
return cp
|
return cp
|
||||||
}
|
}
|
||||||
|
|
||||||
// Save saves the cwtchPeer profile state to a file.
|
// Save saves the CwtchPeer profile state to a file.
|
||||||
func (cp *cwtchPeer) Save(profilefile string) error {
|
func (cp *CwtchPeer) Save(profilefile string) error {
|
||||||
cp.mutex.Lock()
|
cp.mutex.Lock()
|
||||||
bytes, _ := json.MarshalIndent(cp, "", "\t")
|
encryptedbytes := EncryptProfile(cp, cp.password)
|
||||||
err := ioutil.WriteFile(profilefile, bytes, 0600)
|
encryptedbytes = append(cp.salt[:],encryptedbytes...)
|
||||||
|
err := ioutil.WriteFile(profilefile, encryptedbytes, 0600)
|
||||||
cp.profilefile = profilefile
|
cp.profilefile = profilefile
|
||||||
cp.mutex.Unlock()
|
cp.mutex.Unlock()
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// LoadCwtchPeer loads an existing cwtchPeer from a file.
|
// LoadCwtchPeer loads an existing CwtchPeer from a file. CHECK METHOD RETURN
|
||||||
func LoadCwtchPeer(profilefile string) (CwtchPeerInterface, error) {
|
func LoadCwtchPeer(profilefile string, password string) (*CwtchPeer, error) {
|
||||||
bytes, _ := ioutil.ReadFile(profilefile)
|
encryptedbytes, _ := ioutil.ReadFile(profilefile)
|
||||||
cp := new(cwtchPeer)
|
|
||||||
err := json.Unmarshal(bytes, &cp)
|
//get the salt
|
||||||
|
salt, encryptedbytes := encryptedbytes[0:128], encryptedbytes[128:]
|
||||||
|
|
||||||
|
dk := pbkdf2.Key([]byte(password), salt, 4096, 32, sha3.New512)
|
||||||
|
var dkr [32]byte
|
||||||
|
copy(dkr[:], dk)
|
||||||
|
|
||||||
|
err, cp := DecryptProfile(encryptedbytes, dkr)
|
||||||
|
if err == nil {
|
||||||
cp.setup()
|
cp.setup()
|
||||||
cp.profilefile = profilefile
|
cp.profilefile = profilefile
|
||||||
return cp, err
|
cp.password = dkr
|
||||||
|
return cp, nil
|
||||||
|
} else {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// ImportGroup intializes a group from an imported source rather than a peer invite
|
// ImportGroup intializes a group from an imported source rather than a peer invite
|
||||||
|
|
Loading…
Reference in New Issue