Compare commits
7 Commits
master
...
profile-pa
| Author | SHA1 | Date |
|---|---|---|
 Angus Champion de Crespigny
|
15af12fdf1 | |
|
Angus Champion de Crespigny
|
271f5b9810 | |
|
Angus Champion de Crespigny
|
582342c3ed | |
|
Angus Champion de Crespigny
|
7e73171322 | |
|
Angus Champion de Crespigny
|
ad996d4fd0 | |
|
Angus Champion de Crespigny
|
26043e8b7a | |
|
Angus Champion de Crespigny
|
c8d29f053a |
11
app/app.go
11
app/app.go
|
|
@ -12,8 +12,8 @@ type Application struct {
|
|||
}
|
||||
|
||||
// NewProfile creates a new cwtchPeer with a given name.
|
||||
func (app *Application) NewProfile(name string, filename string) error {
|
||||
profile := peer.NewCwtchPeer(name)
|
||||
func (app *Application) NewProfile(name string, filename string, password string) error {
|
||||
profile := peer.NewCwtchPeer(name, password)
|
||||
app.Peer = profile
|
||||
err := profile.Save(filename)
|
||||
if err == nil {
|
||||
|
|
@ -34,8 +34,11 @@ func (app *Application) NewProfile(name string, filename string) error {
|
|||
}
|
||||
|
||||
// SetProfile loads an existing profile from the given filename.
|
||||
func (app *Application) SetProfile(filename string) error {
|
||||
profile, err := peer.LoadCwtchPeer(filename)
|
||||
func (app *Application) SetProfile(filename string, password string) error {
|
||||
profile, err := peer.LoadCwtchPeer(filename, password)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
app.Peer = profile
|
||||
if err == nil {
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,10 @@ import (
|
|||
"github.com/c-bata/go-prompt"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"bytes"
|
||||
"golang.org/x/crypto/ssh/terminal"
|
||||
"syscall"
|
||||
)
|
||||
|
||||
var app app2.Application
|
||||
|
|
@ -121,28 +125,28 @@ func main() {
|
|||
|
||||
cwtch :=
|
||||
`
|
||||
#, #'
|
||||
@@@@@@:
|
||||
@@@@@@.
|
||||
@'@@+#' @@@@+
|
||||
''''''@ #+@ :
|
||||
@''''+;+' . '
|
||||
@''@' :+' , ; ##, +'
|
||||
,@@ ;' #'#@''. #''@''#
|
||||
# ''''''#:,,#'''''@
|
||||
: @''''@ :+'''@
|
||||
' @;+'@ @'#
|
||||
.:# '#..# '# @
|
||||
@@@@@@
|
||||
@@@@@@
|
||||
'@@@@
|
||||
@# . .
|
||||
+++, #'@+'@
|
||||
''', ''''''#
|
||||
.#+# ''', @'''+,
|
||||
@''# ''', .#@
|
||||
:; '@''# .;. ''', ' : ;. ,
|
||||
@+'''@ '+'+ @++ @+'@+''''+@ #+'''#: ''';#''+@ @@@@ @@@@@@@@@ :@@@@#
|
||||
#, #'
|
||||
@@@@@@:
|
||||
@@@@@@.
|
||||
@'@@+#' @@@@+
|
||||
''''''@ #+@ :
|
||||
@''''+;+' . '
|
||||
@''@' :+' , ; ##, +'
|
||||
,@@ ;' #'#@''. #''@''#
|
||||
# ''''''#:,,#'''''@
|
||||
: @''''@ :+'''@
|
||||
' @;+'@ @'#
|
||||
.:# '#..# '# @
|
||||
@@@@@@
|
||||
@@@@@@
|
||||
'@@@@
|
||||
@# . .
|
||||
+++, #'@+'@
|
||||
''', ''''''#
|
||||
.#+# ''', @'''+,
|
||||
@''# ''', .#@
|
||||
:; '@''# .;. ''', ' : ;. ,
|
||||
@+'''@ '+'+ @++ @+'@+''''+@ #+'''#: ''';#''+@ @@@@ @@@@@@@@@ :@@@@#
|
||||
#''''''# +''. +'': +'''''''''+ @'''''''# '''+'''''@ @@@@ @@@@@@@@@@@@@@@@:
|
||||
@'''@@'''@ @''# ,'''@ ''+ @@''+#+ :'''@@+''' ''''@@'''' @@@@ @@@@@@@@@@@@@@@@@
|
||||
'''# @''# +''@ @'''# ;''@ +''+ @''@ ,+'', '''@ #'''. @@@@ @@@@ '@@@# @@@@
|
||||
|
|
@ -180,22 +184,49 @@ func main() {
|
|||
quit = true
|
||||
case "new-profile":
|
||||
if len(commands) == 3 {
|
||||
err := app.NewProfile(commands[1], commands[2])
|
||||
profilefile = commands[2]
|
||||
if err == nil {
|
||||
fmt.Printf("New profile created for %v\n", commands[1])
|
||||
fmt.Print("** WARNING: PASSWORDS CANNOT BE RECOVERED! **\n")
|
||||
|
||||
password := ""
|
||||
failcount := 0
|
||||
for ; failcount < 3; failcount++ {
|
||||
fmt.Print("Enter a password to encrypt the profile: ")
|
||||
bytePassword, _ := terminal.ReadPassword(int(syscall.Stdin))
|
||||
if string(bytePassword) == "" {
|
||||
fmt.Print("\nBlank password not allowed.")
|
||||
continue
|
||||
}
|
||||
fmt.Print("\nRe-enter password: ")
|
||||
bytePassword2, _ := terminal.ReadPassword(int(syscall.Stdin))
|
||||
if bytes.Equal(bytePassword, bytePassword2) {
|
||||
password = string(bytePassword)
|
||||
break
|
||||
} else {
|
||||
fmt.Print("\nPASSWORDS DIDN'T MATCH! Try again.\n")
|
||||
}
|
||||
}
|
||||
|
||||
if failcount >= 3 {
|
||||
fmt.Printf("Error creating profile for %v: Your password entries must match!\n", commands[1])
|
||||
} else {
|
||||
fmt.Printf("Error creating profile for %v: %v\n", commands[1], err)
|
||||
err := app.NewProfile(commands[1], commands[2], password)
|
||||
profilefile = commands[2]
|
||||
if err == nil {
|
||||
fmt.Printf("\nNew profile created for %v\n", commands[1])
|
||||
} else {
|
||||
fmt.Printf("\nError creating profile for %v: %v\n", commands[1], err)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
fmt.Printf("Error creating NewProfile, usage: %s\n", usages["new-profile"])
|
||||
}
|
||||
case "load-profile":
|
||||
if len(commands) == 2 {
|
||||
err := app.SetProfile(commands[1])
|
||||
profilefile = commands[1]
|
||||
fmt.Print("Enter a password to decrypt the profile: ")
|
||||
bytePassword, err := terminal.ReadPassword(int(syscall.Stdin))
|
||||
err = app.SetProfile(commands[1], string(bytePassword))
|
||||
if err == nil {
|
||||
fmt.Printf("Loaded profile for %v\n", commands[1])
|
||||
fmt.Printf("\nLoaded profile for %v\n", commands[1])
|
||||
profilefile = commands[1]
|
||||
} else {
|
||||
fmt.Printf("Error loading profile for %v: %v\n", commands[1], err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
package peer
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"cwtch.im/cwtch/model"
|
||||
"cwtch.im/cwtch/peer/connections"
|
||||
|
|
@ -9,11 +10,17 @@ import (
|
|||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"github.com/golang/protobuf/proto"
|
||||
"fmt"
|
||||
"git.openprivacy.ca/openprivacy/libricochet-go/application"
|
||||
"git.openprivacy.ca/openprivacy/libricochet-go/channels"
|
||||
"git.openprivacy.ca/openprivacy/libricochet-go/connection"
|
||||
"github.com/golang/protobuf/proto"
|
||||
"github.com/ulule/deepcopier"
|
||||
"golang.org/x/crypto/ed25519"
|
||||
"golang.org/x/crypto/nacl/secretbox"
|
||||
"golang.org/x/crypto/pbkdf2"
|
||||
"golang.org/x/crypto/sha3"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"strings"
|
||||
|
|
@ -29,6 +36,8 @@ type cwtchPeer struct {
|
|||
Log chan string `json:"-"`
|
||||
connectionsManager *connections.Manager
|
||||
profilefile string
|
||||
key [32]byte
|
||||
salt [128]byte
|
||||
}
|
||||
|
||||
// CwtchPeerInterface provides us with a way of testing systems built on top of cwtch without having to
|
||||
|
|
@ -65,6 +74,57 @@ type CwtchPeerInterface interface {
|
|||
Shutdown()
|
||||
}
|
||||
|
||||
// createKey derives a key and salt for use in encrypting cwtchPeers
|
||||
func createKey(password string) ([32]byte, [128]byte) {
|
||||
var salt [128]byte
|
||||
if _, err := io.ReadFull(rand.Reader, salt[:]); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
dk := pbkdf2.Key([]byte(password), salt[:], 4096, 32, sha3.New512)
|
||||
|
||||
var dkr [32]byte
|
||||
copy(dkr[:], dk)
|
||||
return dkr, salt
|
||||
}
|
||||
|
||||
//encryptProfile encrypts the cwtchPeer via the specified key.
|
||||
func encryptProfile(p *cwtchPeer, key [32]byte) []byte {
|
||||
var nonce [24]byte
|
||||
|
||||
if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
//copy the struct, then remove the key and salt before saving the copy
|
||||
cpc := &cwtchPeer{}
|
||||
deepcopier.Copy(p).To(cpc)
|
||||
var blankkey [32]byte
|
||||
var blanksalt [128]byte
|
||||
cpc.key = blankkey
|
||||
cpc.salt = blanksalt
|
||||
bytes, _ := json.Marshal(cpc)
|
||||
encrypted := secretbox.Seal(nonce[:], []byte(bytes), &nonce, &key)
|
||||
return encrypted
|
||||
}
|
||||
|
||||
//decryptProfile decrypts the passed ciphertext into a cwtchPeer via the specified key.
|
||||
func decryptProfile(ciphertext []byte, key [32]byte) (error, *cwtchPeer) {
|
||||
|
||||
var decryptNonce [24]byte
|
||||
copy(decryptNonce[:], ciphertext[:24])
|
||||
decrypted, ok := secretbox.Open(nil, ciphertext[24:], &decryptNonce, &key)
|
||||
if ok {
|
||||
cp := &cwtchPeer{}
|
||||
err := json.Unmarshal(decrypted, &cp)
|
||||
if err == nil {
|
||||
return nil, cp
|
||||
} else {
|
||||
return err, nil
|
||||
}
|
||||
}
|
||||
return fmt.Errorf("Failed to decrypt"), nil
|
||||
}
|
||||
|
||||
func (cp *cwtchPeer) setup() {
|
||||
cp.Log = make(chan string)
|
||||
cp.connectionsManager = connections.NewConnectionsManager()
|
||||
|
|
@ -86,31 +146,54 @@ func (cp *cwtchPeer) setup() {
|
|||
}
|
||||
|
||||
// NewCwtchPeer creates and returns a new cwtchPeer with the given name.
|
||||
func NewCwtchPeer(name string) CwtchPeerInterface {
|
||||
func NewCwtchPeer(name string, password string) CwtchPeerInterface {
|
||||
cp := new(cwtchPeer)
|
||||
cp.Profile = model.GenerateNewProfile(name)
|
||||
cp.setup()
|
||||
key, salt := createKey(password)
|
||||
cp.key = key
|
||||
cp.salt = salt
|
||||
return cp
|
||||
}
|
||||
|
||||
// Save saves the cwtchPeer profile state to a file.
|
||||
func (cp *cwtchPeer) Save(profilefile string) error {
|
||||
cp.mutex.Lock()
|
||||
bytes, _ := json.MarshalIndent(cp, "", "\t")
|
||||
err := ioutil.WriteFile(profilefile, bytes, 0600)
|
||||
encryptedbytes := encryptProfile(cp, cp.key)
|
||||
|
||||
// the salt for the derived key is appended to the front of the file
|
||||
encryptedbytes = append(cp.salt[:], encryptedbytes...)
|
||||
err := ioutil.WriteFile(profilefile, encryptedbytes, 0600)
|
||||
cp.profilefile = profilefile
|
||||
cp.mutex.Unlock()
|
||||
return err
|
||||
}
|
||||
|
||||
// LoadCwtchPeer loads an existing cwtchPeer from a file.
|
||||
func LoadCwtchPeer(profilefile string) (CwtchPeerInterface, error) {
|
||||
bytes, _ := ioutil.ReadFile(profilefile)
|
||||
cp := new(cwtchPeer)
|
||||
err := json.Unmarshal(bytes, &cp)
|
||||
cp.setup()
|
||||
cp.profilefile = profilefile
|
||||
return cp, err
|
||||
func LoadCwtchPeer(profilefile string, password string) (CwtchPeerInterface, error) {
|
||||
encryptedbytes, _ := ioutil.ReadFile(profilefile)
|
||||
|
||||
var dkr [32]byte
|
||||
var salty [128]byte
|
||||
|
||||
//Separate the salt from the encrypted bytes, then generate the derived key
|
||||
salt, encryptedbytes := encryptedbytes[0:128], encryptedbytes[128:]
|
||||
dk := pbkdf2.Key([]byte(password), salt, 4096, 32, sha3.New512)
|
||||
|
||||
//cast to arrays
|
||||
copy(dkr[:], dk)
|
||||
copy(salty[:], salt)
|
||||
|
||||
err, cp := decryptProfile(encryptedbytes, dkr)
|
||||
if err == nil {
|
||||
cp.setup()
|
||||
cp.profilefile = profilefile
|
||||
cp.key = dkr
|
||||
cp.salt = salty
|
||||
return cp, nil
|
||||
} else {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
// ImportGroup intializes a group from an imported source rather than a peer invite
|
||||
|
|
|
|||
|
|
@ -6,10 +6,10 @@ import (
|
|||
|
||||
func TestCwtchPeerGenerate(t *testing.T) {
|
||||
|
||||
alice := NewCwtchPeer("alice")
|
||||
alice := NewCwtchPeer("alice","testpass")
|
||||
alice.Save("./test_profile")
|
||||
|
||||
aliceLoaded, err := LoadCwtchPeer("./test_profile")
|
||||
aliceLoaded, err := LoadCwtchPeer("./test_profile","testpass")
|
||||
if err != nil || aliceLoaded.GetProfile().Name != "alice" {
|
||||
t.Errorf("something went wrong saving and loading profiles %v %v", err, aliceLoaded)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -143,17 +143,17 @@ func TestCwtchPeerIntegration(t *testing.T) {
|
|||
// ***** Peer setup *****
|
||||
|
||||
fmt.Println("Creating Alice...")
|
||||
alice := peer.NewCwtchPeer("Alice")
|
||||
alice := peer.NewCwtchPeer("Alice","alicepass")
|
||||
go alice.Listen()
|
||||
fmt.Println("Alice created:", alice.GetProfile().Onion)
|
||||
|
||||
fmt.Println("Creating Bob...")
|
||||
bob := peer.NewCwtchPeer("Bob")
|
||||
bob := peer.NewCwtchPeer("Bob","bobpass")
|
||||
go bob.Listen()
|
||||
fmt.Println("Bob created:", bob.GetProfile().Onion)
|
||||
|
||||
fmt.Println("Creating Carol...")
|
||||
carol := peer.NewCwtchPeer("Carol")
|
||||
carol := peer.NewCwtchPeer("Carol","carolpass")
|
||||
go carol.Listen()
|
||||
fmt.Println("Carol created:", carol.GetProfile().Onion)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue