Compare commits
7 Commits
master
...
profile-pa
Author | SHA1 | Date |
---|---|---|
Angus Champion de Crespigny | 15af12fdf1 | |
Angus Champion de Crespigny | 271f5b9810 | |
Angus Champion de Crespigny | 582342c3ed | |
Angus Champion de Crespigny | 7e73171322 | |
Angus Champion de Crespigny | ad996d4fd0 | |
Angus Champion de Crespigny | 26043e8b7a | |
Angus Champion de Crespigny | c8d29f053a |
11
app/app.go
11
app/app.go
|
@ -12,8 +12,8 @@ type Application struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewProfile creates a new cwtchPeer with a given name.
|
// NewProfile creates a new cwtchPeer with a given name.
|
||||||
func (app *Application) NewProfile(name string, filename string) error {
|
func (app *Application) NewProfile(name string, filename string, password string) error {
|
||||||
profile := peer.NewCwtchPeer(name)
|
profile := peer.NewCwtchPeer(name, password)
|
||||||
app.Peer = profile
|
app.Peer = profile
|
||||||
err := profile.Save(filename)
|
err := profile.Save(filename)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
|
@ -34,8 +34,11 @@ func (app *Application) NewProfile(name string, filename string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetProfile loads an existing profile from the given filename.
|
// SetProfile loads an existing profile from the given filename.
|
||||||
func (app *Application) SetProfile(filename string) error {
|
func (app *Application) SetProfile(filename string, password string) error {
|
||||||
profile, err := peer.LoadCwtchPeer(filename)
|
profile, err := peer.LoadCwtchPeer(filename, password)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
app.Peer = profile
|
app.Peer = profile
|
||||||
if err == nil {
|
if err == nil {
|
||||||
|
|
||||||
|
|
|
@ -7,6 +7,10 @@ import (
|
||||||
"github.com/c-bata/go-prompt"
|
"github.com/c-bata/go-prompt"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"bytes"
|
||||||
|
"golang.org/x/crypto/ssh/terminal"
|
||||||
|
"syscall"
|
||||||
)
|
)
|
||||||
|
|
||||||
var app app2.Application
|
var app app2.Application
|
||||||
|
@ -121,28 +125,28 @@ func main() {
|
||||||
|
|
||||||
cwtch :=
|
cwtch :=
|
||||||
`
|
`
|
||||||
#, #'
|
#, #'
|
||||||
@@@@@@:
|
@@@@@@:
|
||||||
@@@@@@.
|
@@@@@@.
|
||||||
@'@@+#' @@@@+
|
@'@@+#' @@@@+
|
||||||
''''''@ #+@ :
|
''''''@ #+@ :
|
||||||
@''''+;+' . '
|
@''''+;+' . '
|
||||||
@''@' :+' , ; ##, +'
|
@''@' :+' , ; ##, +'
|
||||||
,@@ ;' #'#@''. #''@''#
|
,@@ ;' #'#@''. #''@''#
|
||||||
# ''''''#:,,#'''''@
|
# ''''''#:,,#'''''@
|
||||||
: @''''@ :+'''@
|
: @''''@ :+'''@
|
||||||
' @;+'@ @'#
|
' @;+'@ @'#
|
||||||
.:# '#..# '# @
|
.:# '#..# '# @
|
||||||
@@@@@@
|
@@@@@@
|
||||||
@@@@@@
|
@@@@@@
|
||||||
'@@@@
|
'@@@@
|
||||||
@# . .
|
@# . .
|
||||||
+++, #'@+'@
|
+++, #'@+'@
|
||||||
''', ''''''#
|
''', ''''''#
|
||||||
.#+# ''', @'''+,
|
.#+# ''', @'''+,
|
||||||
@''# ''', .#@
|
@''# ''', .#@
|
||||||
:; '@''# .;. ''', ' : ;. ,
|
:; '@''# .;. ''', ' : ;. ,
|
||||||
@+'''@ '+'+ @++ @+'@+''''+@ #+'''#: ''';#''+@ @@@@ @@@@@@@@@ :@@@@#
|
@+'''@ '+'+ @++ @+'@+''''+@ #+'''#: ''';#''+@ @@@@ @@@@@@@@@ :@@@@#
|
||||||
#''''''# +''. +'': +'''''''''+ @'''''''# '''+'''''@ @@@@ @@@@@@@@@@@@@@@@:
|
#''''''# +''. +'': +'''''''''+ @'''''''# '''+'''''@ @@@@ @@@@@@@@@@@@@@@@:
|
||||||
@'''@@'''@ @''# ,'''@ ''+ @@''+#+ :'''@@+''' ''''@@'''' @@@@ @@@@@@@@@@@@@@@@@
|
@'''@@'''@ @''# ,'''@ ''+ @@''+#+ :'''@@+''' ''''@@'''' @@@@ @@@@@@@@@@@@@@@@@
|
||||||
'''# @''# +''@ @'''# ;''@ +''+ @''@ ,+'', '''@ #'''. @@@@ @@@@ '@@@# @@@@
|
'''# @''# +''@ @'''# ;''@ +''+ @''@ ,+'', '''@ #'''. @@@@ @@@@ '@@@# @@@@
|
||||||
|
@ -180,22 +184,49 @@ func main() {
|
||||||
quit = true
|
quit = true
|
||||||
case "new-profile":
|
case "new-profile":
|
||||||
if len(commands) == 3 {
|
if len(commands) == 3 {
|
||||||
err := app.NewProfile(commands[1], commands[2])
|
fmt.Print("** WARNING: PASSWORDS CANNOT BE RECOVERED! **\n")
|
||||||
profilefile = commands[2]
|
|
||||||
if err == nil {
|
password := ""
|
||||||
fmt.Printf("New profile created for %v\n", commands[1])
|
failcount := 0
|
||||||
|
for ; failcount < 3; failcount++ {
|
||||||
|
fmt.Print("Enter a password to encrypt the profile: ")
|
||||||
|
bytePassword, _ := terminal.ReadPassword(int(syscall.Stdin))
|
||||||
|
if string(bytePassword) == "" {
|
||||||
|
fmt.Print("\nBlank password not allowed.")
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
fmt.Print("\nRe-enter password: ")
|
||||||
|
bytePassword2, _ := terminal.ReadPassword(int(syscall.Stdin))
|
||||||
|
if bytes.Equal(bytePassword, bytePassword2) {
|
||||||
|
password = string(bytePassword)
|
||||||
|
break
|
||||||
|
} else {
|
||||||
|
fmt.Print("\nPASSWORDS DIDN'T MATCH! Try again.\n")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if failcount >= 3 {
|
||||||
|
fmt.Printf("Error creating profile for %v: Your password entries must match!\n", commands[1])
|
||||||
} else {
|
} else {
|
||||||
fmt.Printf("Error creating profile for %v: %v\n", commands[1], err)
|
err := app.NewProfile(commands[1], commands[2], password)
|
||||||
|
profilefile = commands[2]
|
||||||
|
if err == nil {
|
||||||
|
fmt.Printf("\nNew profile created for %v\n", commands[1])
|
||||||
|
} else {
|
||||||
|
fmt.Printf("\nError creating profile for %v: %v\n", commands[1], err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
fmt.Printf("Error creating NewProfile, usage: %s\n", usages["new-profile"])
|
fmt.Printf("Error creating NewProfile, usage: %s\n", usages["new-profile"])
|
||||||
}
|
}
|
||||||
case "load-profile":
|
case "load-profile":
|
||||||
if len(commands) == 2 {
|
if len(commands) == 2 {
|
||||||
err := app.SetProfile(commands[1])
|
fmt.Print("Enter a password to decrypt the profile: ")
|
||||||
profilefile = commands[1]
|
bytePassword, err := terminal.ReadPassword(int(syscall.Stdin))
|
||||||
|
err = app.SetProfile(commands[1], string(bytePassword))
|
||||||
if err == nil {
|
if err == nil {
|
||||||
fmt.Printf("Loaded profile for %v\n", commands[1])
|
fmt.Printf("\nLoaded profile for %v\n", commands[1])
|
||||||
|
profilefile = commands[1]
|
||||||
} else {
|
} else {
|
||||||
fmt.Printf("Error loading profile for %v: %v\n", commands[1], err)
|
fmt.Printf("Error loading profile for %v: %v\n", commands[1], err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
package peer
|
package peer
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/rand"
|
||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
"cwtch.im/cwtch/model"
|
"cwtch.im/cwtch/model"
|
||||||
"cwtch.im/cwtch/peer/connections"
|
"cwtch.im/cwtch/peer/connections"
|
||||||
|
@ -9,11 +10,17 @@ import (
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"github.com/golang/protobuf/proto"
|
"fmt"
|
||||||
"git.openprivacy.ca/openprivacy/libricochet-go/application"
|
"git.openprivacy.ca/openprivacy/libricochet-go/application"
|
||||||
"git.openprivacy.ca/openprivacy/libricochet-go/channels"
|
"git.openprivacy.ca/openprivacy/libricochet-go/channels"
|
||||||
"git.openprivacy.ca/openprivacy/libricochet-go/connection"
|
"git.openprivacy.ca/openprivacy/libricochet-go/connection"
|
||||||
|
"github.com/golang/protobuf/proto"
|
||||||
|
"github.com/ulule/deepcopier"
|
||||||
"golang.org/x/crypto/ed25519"
|
"golang.org/x/crypto/ed25519"
|
||||||
|
"golang.org/x/crypto/nacl/secretbox"
|
||||||
|
"golang.org/x/crypto/pbkdf2"
|
||||||
|
"golang.org/x/crypto/sha3"
|
||||||
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
"log"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -29,6 +36,8 @@ type cwtchPeer struct {
|
||||||
Log chan string `json:"-"`
|
Log chan string `json:"-"`
|
||||||
connectionsManager *connections.Manager
|
connectionsManager *connections.Manager
|
||||||
profilefile string
|
profilefile string
|
||||||
|
key [32]byte
|
||||||
|
salt [128]byte
|
||||||
}
|
}
|
||||||
|
|
||||||
// CwtchPeerInterface provides us with a way of testing systems built on top of cwtch without having to
|
// CwtchPeerInterface provides us with a way of testing systems built on top of cwtch without having to
|
||||||
|
@ -65,6 +74,57 @@ type CwtchPeerInterface interface {
|
||||||
Shutdown()
|
Shutdown()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// createKey derives a key and salt for use in encrypting cwtchPeers
|
||||||
|
func createKey(password string) ([32]byte, [128]byte) {
|
||||||
|
var salt [128]byte
|
||||||
|
if _, err := io.ReadFull(rand.Reader, salt[:]); err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
dk := pbkdf2.Key([]byte(password), salt[:], 4096, 32, sha3.New512)
|
||||||
|
|
||||||
|
var dkr [32]byte
|
||||||
|
copy(dkr[:], dk)
|
||||||
|
return dkr, salt
|
||||||
|
}
|
||||||
|
|
||||||
|
//encryptProfile encrypts the cwtchPeer via the specified key.
|
||||||
|
func encryptProfile(p *cwtchPeer, key [32]byte) []byte {
|
||||||
|
var nonce [24]byte
|
||||||
|
|
||||||
|
if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
//copy the struct, then remove the key and salt before saving the copy
|
||||||
|
cpc := &cwtchPeer{}
|
||||||
|
deepcopier.Copy(p).To(cpc)
|
||||||
|
var blankkey [32]byte
|
||||||
|
var blanksalt [128]byte
|
||||||
|
cpc.key = blankkey
|
||||||
|
cpc.salt = blanksalt
|
||||||
|
bytes, _ := json.Marshal(cpc)
|
||||||
|
encrypted := secretbox.Seal(nonce[:], []byte(bytes), &nonce, &key)
|
||||||
|
return encrypted
|
||||||
|
}
|
||||||
|
|
||||||
|
//decryptProfile decrypts the passed ciphertext into a cwtchPeer via the specified key.
|
||||||
|
func decryptProfile(ciphertext []byte, key [32]byte) (error, *cwtchPeer) {
|
||||||
|
|
||||||
|
var decryptNonce [24]byte
|
||||||
|
copy(decryptNonce[:], ciphertext[:24])
|
||||||
|
decrypted, ok := secretbox.Open(nil, ciphertext[24:], &decryptNonce, &key)
|
||||||
|
if ok {
|
||||||
|
cp := &cwtchPeer{}
|
||||||
|
err := json.Unmarshal(decrypted, &cp)
|
||||||
|
if err == nil {
|
||||||
|
return nil, cp
|
||||||
|
} else {
|
||||||
|
return err, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return fmt.Errorf("Failed to decrypt"), nil
|
||||||
|
}
|
||||||
|
|
||||||
func (cp *cwtchPeer) setup() {
|
func (cp *cwtchPeer) setup() {
|
||||||
cp.Log = make(chan string)
|
cp.Log = make(chan string)
|
||||||
cp.connectionsManager = connections.NewConnectionsManager()
|
cp.connectionsManager = connections.NewConnectionsManager()
|
||||||
|
@ -86,31 +146,54 @@ func (cp *cwtchPeer) setup() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewCwtchPeer creates and returns a new cwtchPeer with the given name.
|
// NewCwtchPeer creates and returns a new cwtchPeer with the given name.
|
||||||
func NewCwtchPeer(name string) CwtchPeerInterface {
|
func NewCwtchPeer(name string, password string) CwtchPeerInterface {
|
||||||
cp := new(cwtchPeer)
|
cp := new(cwtchPeer)
|
||||||
cp.Profile = model.GenerateNewProfile(name)
|
cp.Profile = model.GenerateNewProfile(name)
|
||||||
cp.setup()
|
cp.setup()
|
||||||
|
key, salt := createKey(password)
|
||||||
|
cp.key = key
|
||||||
|
cp.salt = salt
|
||||||
return cp
|
return cp
|
||||||
}
|
}
|
||||||
|
|
||||||
// Save saves the cwtchPeer profile state to a file.
|
// Save saves the cwtchPeer profile state to a file.
|
||||||
func (cp *cwtchPeer) Save(profilefile string) error {
|
func (cp *cwtchPeer) Save(profilefile string) error {
|
||||||
cp.mutex.Lock()
|
cp.mutex.Lock()
|
||||||
bytes, _ := json.MarshalIndent(cp, "", "\t")
|
encryptedbytes := encryptProfile(cp, cp.key)
|
||||||
err := ioutil.WriteFile(profilefile, bytes, 0600)
|
|
||||||
|
// the salt for the derived key is appended to the front of the file
|
||||||
|
encryptedbytes = append(cp.salt[:], encryptedbytes...)
|
||||||
|
err := ioutil.WriteFile(profilefile, encryptedbytes, 0600)
|
||||||
cp.profilefile = profilefile
|
cp.profilefile = profilefile
|
||||||
cp.mutex.Unlock()
|
cp.mutex.Unlock()
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// LoadCwtchPeer loads an existing cwtchPeer from a file.
|
// LoadCwtchPeer loads an existing cwtchPeer from a file.
|
||||||
func LoadCwtchPeer(profilefile string) (CwtchPeerInterface, error) {
|
func LoadCwtchPeer(profilefile string, password string) (CwtchPeerInterface, error) {
|
||||||
bytes, _ := ioutil.ReadFile(profilefile)
|
encryptedbytes, _ := ioutil.ReadFile(profilefile)
|
||||||
cp := new(cwtchPeer)
|
|
||||||
err := json.Unmarshal(bytes, &cp)
|
var dkr [32]byte
|
||||||
cp.setup()
|
var salty [128]byte
|
||||||
cp.profilefile = profilefile
|
|
||||||
return cp, err
|
//Separate the salt from the encrypted bytes, then generate the derived key
|
||||||
|
salt, encryptedbytes := encryptedbytes[0:128], encryptedbytes[128:]
|
||||||
|
dk := pbkdf2.Key([]byte(password), salt, 4096, 32, sha3.New512)
|
||||||
|
|
||||||
|
//cast to arrays
|
||||||
|
copy(dkr[:], dk)
|
||||||
|
copy(salty[:], salt)
|
||||||
|
|
||||||
|
err, cp := decryptProfile(encryptedbytes, dkr)
|
||||||
|
if err == nil {
|
||||||
|
cp.setup()
|
||||||
|
cp.profilefile = profilefile
|
||||||
|
cp.key = dkr
|
||||||
|
cp.salt = salty
|
||||||
|
return cp, nil
|
||||||
|
} else {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// ImportGroup intializes a group from an imported source rather than a peer invite
|
// ImportGroup intializes a group from an imported source rather than a peer invite
|
||||||
|
|
|
@ -6,10 +6,10 @@ import (
|
||||||
|
|
||||||
func TestCwtchPeerGenerate(t *testing.T) {
|
func TestCwtchPeerGenerate(t *testing.T) {
|
||||||
|
|
||||||
alice := NewCwtchPeer("alice")
|
alice := NewCwtchPeer("alice","testpass")
|
||||||
alice.Save("./test_profile")
|
alice.Save("./test_profile")
|
||||||
|
|
||||||
aliceLoaded, err := LoadCwtchPeer("./test_profile")
|
aliceLoaded, err := LoadCwtchPeer("./test_profile","testpass")
|
||||||
if err != nil || aliceLoaded.GetProfile().Name != "alice" {
|
if err != nil || aliceLoaded.GetProfile().Name != "alice" {
|
||||||
t.Errorf("something went wrong saving and loading profiles %v %v", err, aliceLoaded)
|
t.Errorf("something went wrong saving and loading profiles %v %v", err, aliceLoaded)
|
||||||
}
|
}
|
||||||
|
|
|
@ -143,17 +143,17 @@ func TestCwtchPeerIntegration(t *testing.T) {
|
||||||
// ***** Peer setup *****
|
// ***** Peer setup *****
|
||||||
|
|
||||||
fmt.Println("Creating Alice...")
|
fmt.Println("Creating Alice...")
|
||||||
alice := peer.NewCwtchPeer("Alice")
|
alice := peer.NewCwtchPeer("Alice","alicepass")
|
||||||
go alice.Listen()
|
go alice.Listen()
|
||||||
fmt.Println("Alice created:", alice.GetProfile().Onion)
|
fmt.Println("Alice created:", alice.GetProfile().Onion)
|
||||||
|
|
||||||
fmt.Println("Creating Bob...")
|
fmt.Println("Creating Bob...")
|
||||||
bob := peer.NewCwtchPeer("Bob")
|
bob := peer.NewCwtchPeer("Bob","bobpass")
|
||||||
go bob.Listen()
|
go bob.Listen()
|
||||||
fmt.Println("Bob created:", bob.GetProfile().Onion)
|
fmt.Println("Bob created:", bob.GetProfile().Onion)
|
||||||
|
|
||||||
fmt.Println("Creating Carol...")
|
fmt.Println("Creating Carol...")
|
||||||
carol := peer.NewCwtchPeer("Carol")
|
carol := peer.NewCwtchPeer("Carol","carolpass")
|
||||||
go carol.Listen()
|
go carol.Listen()
|
||||||
fmt.Println("Carol created:", carol.GetProfile().Onion)
|
fmt.Println("Carol created:", carol.GetProfile().Onion)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue