From 204ff9af2a7697e346694218697e34d04ebadefa Mon Sep 17 00:00:00 2001 From: erinn Date: Tue, 14 Dec 2021 13:21:45 -0800 Subject: [PATCH 1/4] image previews wip --- functionality/filesharing/filesharing_functionality.go | 1 + 1 file changed, 1 insertion(+) diff --git a/functionality/filesharing/filesharing_functionality.go b/functionality/filesharing/filesharing_functionality.go index 8d76ddf..9dab08a 100644 --- a/functionality/filesharing/filesharing_functionality.go +++ b/functionality/filesharing/filesharing_functionality.go @@ -53,6 +53,7 @@ type OverlayMessage struct { Size uint64 `json:"s"` } + // FileKey is the unique reference to a file offer func (om *OverlayMessage) FileKey() string { return fmt.Sprintf("%s.%s", om.Hash, om.Nonce) From 46f32881b9bc1034e2e88305e084e813861934bf Mon Sep 17 00:00:00 2001 From: Sarah Jamie Lewis Date: Fri, 17 Dec 2021 13:58:54 -0800 Subject: [PATCH 2/4] Port Change Password to new Storage Engine --- app/app.go | 5 ---- peer/cwtch_peer.go | 30 ++++++++++++++++++- peer/cwtchprofilestorage.go | 6 ++++ peer/profile_interface.go | 1 + testing/cwtch_peer_server_integration_test.go | 12 +++++++- 5 files changed, 47 insertions(+), 7 deletions(-) diff --git a/app/app.go b/app/app.go index 6c68e71..fe05c6b 100644 --- a/app/app.go +++ b/app/app.go @@ -36,7 +36,6 @@ type Application interface { CreateTaggedPeer(name string, password string, tag string) DeletePeer(onion string, currentPassword string) AddPeerPlugin(onion string, pluginID plugins.PluginID) - ChangePeerPassword(onion, oldpass, newpass string) LaunchPeers() GetPrimaryBus() event.Manager @@ -122,10 +121,6 @@ func (app *application) DeletePeer(onion string, password string) { app.appBus.Publish(event.NewEventList(event.AppError, event.Error, event.PasswordMatchError, event.Identity, onion)) } -func (app *application) ChangePeerPassword(onion, oldpass, newpass string) { - app.eventBuses[onion].Publish(event.NewEventList(event.ChangePassword, event.Password, oldpass, event.NewPassword, newpass)) -} - func (app *application) AddPeerPlugin(onion string, pluginID plugins.PluginID) { app.AddPlugin(onion, pluginID, app.eventBuses[onion], app.acn) } diff --git a/peer/cwtch_peer.go b/peer/cwtch_peer.go index f394fc5..5d1e57d 100644 --- a/peer/cwtch_peer.go +++ b/peer/cwtch_peer.go @@ -13,6 +13,8 @@ import ( "git.openprivacy.ca/openprivacy/connectivity" "git.openprivacy.ca/openprivacy/connectivity/tor" "golang.org/x/crypto/ed25519" + "io/ioutil" + path "path/filepath" "runtime" "strconv" "strings" @@ -80,6 +82,33 @@ func (cp *cwtchPeer) CheckPassword(password string) bool { return true } +func (cp *cwtchPeer) ChangePassword(password string, newpassword string, newpasswordAgain string) error { + cp.mutex.Lock() + defer cp.mutex.Unlock() + db, err := openEncryptedDatabase(cp.storage.ProfileDirectory, password, false) + if db == nil || err != nil { + return errors.New("invalid_password") + } + cps, err := NewCwtchProfileStorage(db, cp.storage.ProfileDirectory) + if err != nil { + return errors.New("invalid_password") + } + cps.Close() + + salt, err := ioutil.ReadFile(path.Join(cp.storage.ProfileDirectory, saltFile)) + if err != nil { + return err + } + + // probably redundant but we like api safety + if newpassword == newpasswordAgain { + rekey := createKey(newpassword, salt) + log.Infof("rekeying database...") + return cp.storage.Rekey(rekey) + } + return errors.New("passwords_do_not_match") +} + // GenerateProtocolEngine // Status: New in 1.5 func (cp *cwtchPeer) GenerateProtocolEngine(acn connectivity.ACN, bus event.Manager) (connections.Engine, error) { @@ -1147,7 +1176,6 @@ func (cp *cwtchPeer) eventHandler() { cp.mutex.Lock() cp.state[ev.Data[event.GroupServer]] = connections.ConnectionStateToType()[ev.Data[event.ConnectionState]] cp.mutex.Unlock() - default: if ev.EventType != "" { log.Errorf("peer event handler received an event it was not subscribed for: %v", ev.EventType) diff --git a/peer/cwtchprofilestorage.go b/peer/cwtchprofilestorage.go index 0a6e8ac..8d12571 100644 --- a/peer/cwtchprofilestorage.go +++ b/peer/cwtchprofilestorage.go @@ -762,3 +762,9 @@ func (cps *CwtchProfileStorage) Delete() { log.Errorf("error deleting profile directory", err) } } + +func (cps *CwtchProfileStorage) Rekey(newkey [32]byte) error { + // PRAGMA queries don't allow subs... + _, err := cps.db.Exec(fmt.Sprintf(`PRAGMA rekey="x'%x'";`, newkey)) + return err +} diff --git a/peer/profile_interface.go b/peer/profile_interface.go index e6a34d1..90a0b83 100644 --- a/peer/profile_interface.go +++ b/peer/profile_interface.go @@ -114,5 +114,6 @@ type CwtchPeer interface { ShareFile(fileKey string, serializedManifest string) CheckPassword(password string) bool + ChangePassword(oldpassword string, newpassword string, newpasswordAgain string) error Delete() } diff --git a/testing/cwtch_peer_server_integration_test.go b/testing/cwtch_peer_server_integration_test.go index 5b41bd0..a00ec0b 100644 --- a/testing/cwtch_peer_server_integration_test.go +++ b/testing/cwtch_peer_server_integration_test.go @@ -164,6 +164,17 @@ func TestCwtchPeerIntegration(t *testing.T) { alice.PeerWithOnion(bob.GetOnion()) alice.PeerWithOnion(carol.GetOnion()) + // Test that we can rekey alice without issues... + err = alice.ChangePassword("asdfasdf", "password 1 2 3", "password 1 2 3") + + if err != nil { + t.Fatalf("error changing password for Alice: %v", err) + } + + if !alice.CheckPassword("password 1 2 3") { + t.Fatalf("Alice password did not change...") + } + waitForConnection(t, alice, bob.GetOnion(), connections.AUTHENTICATED) waitForConnection(t, alice, carol.GetOnion(), connections.AUTHENTICATED) waitForConnection(t, bob, alice.GetOnion(), connections.AUTHENTICATED) @@ -342,7 +353,6 @@ func TestCwtchPeerIntegration(t *testing.T) { if numGoRoutinesStart != numGoRoutinesPostAppShutdown { t.Errorf("Number of GoRoutines at start (%v) does not match number of goRoutines after cleanup of peers and servers (%v), clean up failed, v detected!", numGoRoutinesStart, numGoRoutinesPostAppShutdown) } - } // Utility function for sending a message from a peer to a group From aa98ef0e5eee6b2bf611befdccb23dfa3e89fbb4 Mon Sep 17 00:00:00 2001 From: Sarah Jamie Lewis Date: Sat, 18 Dec 2021 16:51:36 -0800 Subject: [PATCH 3/4] Add Constants --- functionality/filesharing/filesharing_functionality.go | 1 - model/constants/errors.go | 7 +++++++ peer/cwtch_peer.go | 6 +++--- 3 files changed, 10 insertions(+), 4 deletions(-) create mode 100644 model/constants/errors.go diff --git a/functionality/filesharing/filesharing_functionality.go b/functionality/filesharing/filesharing_functionality.go index 9dab08a..8d76ddf 100644 --- a/functionality/filesharing/filesharing_functionality.go +++ b/functionality/filesharing/filesharing_functionality.go @@ -53,7 +53,6 @@ type OverlayMessage struct { Size uint64 `json:"s"` } - // FileKey is the unique reference to a file offer func (om *OverlayMessage) FileKey() string { return fmt.Sprintf("%s.%s", om.Hash, om.Nonce) diff --git a/model/constants/errors.go b/model/constants/errors.go new file mode 100644 index 0000000..7f41d4b --- /dev/null +++ b/model/constants/errors.go @@ -0,0 +1,7 @@ +package constants + +// InvalidPasswordError is returned when an incorrect password is provided to a function that requires the current active password +const InvalidPasswordError = "invalid_password_error" + +// PasswordsDoNotMatchError is returned when two passwords do not match +const PasswordsDoNotMatchError = "passwords_do_not_match" diff --git a/peer/cwtch_peer.go b/peer/cwtch_peer.go index 5d1e57d..459e4ec 100644 --- a/peer/cwtch_peer.go +++ b/peer/cwtch_peer.go @@ -87,11 +87,11 @@ func (cp *cwtchPeer) ChangePassword(password string, newpassword string, newpass defer cp.mutex.Unlock() db, err := openEncryptedDatabase(cp.storage.ProfileDirectory, password, false) if db == nil || err != nil { - return errors.New("invalid_password") + return errors.New(constants.InvalidPasswordError) } cps, err := NewCwtchProfileStorage(db, cp.storage.ProfileDirectory) if err != nil { - return errors.New("invalid_password") + return errors.New(constants.InvalidPasswordError) } cps.Close() @@ -106,7 +106,7 @@ func (cp *cwtchPeer) ChangePassword(password string, newpassword string, newpass log.Infof("rekeying database...") return cp.storage.Rekey(rekey) } - return errors.New("passwords_do_not_match") + return errors.New(constants.PasswordsDoNotMatchError) } // GenerateProtocolEngine From 8a273d3310f5b8862430b312096f63d7198289cc Mon Sep 17 00:00:00 2001 From: Sarah Jamie Lewis Date: Sat, 18 Dec 2021 16:55:14 -0800 Subject: [PATCH 4/4] Rekey comment --- peer/cwtchprofilestorage.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/peer/cwtchprofilestorage.go b/peer/cwtchprofilestorage.go index 8d12571..d859c67 100644 --- a/peer/cwtchprofilestorage.go +++ b/peer/cwtchprofilestorage.go @@ -763,6 +763,9 @@ func (cps *CwtchProfileStorage) Delete() { } } +// Rekey re-encrypts the datastore with the new key. +// **note* this is technically a very dangerous API and should only be called after +// checks on the current password and the derived new password. func (cps *CwtchProfileStorage) Rekey(newkey [32]byte) error { // PRAGMA queries don't allow subs... _, err := cps.db.Exec(fmt.Sprintf(`PRAGMA rekey="x'%x'";`, newkey))