Replaced old PasswordManager code with code using Botan's new PSK_Database
This greatly reduces the amount of encryption related code required. Thought we still have todo our own key strenthening but this also is easier with Botan::PasswordHash.
This commit is contained in:
eelke
parent
1ae9a1151a
commit
6b9b602c64
4 changed files with 294 additions and 305 deletions
|
|
@ -1,245 +1,180 @@
|
|||
#include "PasswordManager.h"
|
||||
|
||||
#include <botan/filters.h>
|
||||
#include <botan/pipe.h>
|
||||
#include <botan/sha2_64.h>
|
||||
#include <botan/hash.h>
|
||||
#include <botan/hmac.h>
|
||||
#include <botan/pbkdf2.h>
|
||||
#include <botan/rng.h>
|
||||
//#include <botan/filters.h>
|
||||
//#include <botan/pipe.h>
|
||||
//#include <botan/sha2_64.h>
|
||||
//#include <botan/hash.h>
|
||||
//#include <botan/hmac.h>
|
||||
//#include <botan/pbkdf2.h>
|
||||
//#include <botan/rng.h>
|
||||
//#include <botan/base64.h>
|
||||
//#include <botan/loadstor.h>
|
||||
//#include <botan/mem_ops.h>
|
||||
#include <botan/auto_rng.h>
|
||||
#include <botan/base64.h>
|
||||
#include <botan/loadstor.h>
|
||||
#include <botan/mem_ops.h>
|
||||
|
||||
#include <boost/assert.hpp>
|
||||
|
||||
|
||||
using namespace Botan;
|
||||
|
||||
namespace {
|
||||
|
||||
/*
|
||||
First 24 bits of SHA-256("Botan Cryptobox"), followed by 8 0 bits
|
||||
for later use as flags, etc if needed
|
||||
*/
|
||||
const uint8_t c_PasswordVersionCode = 0x10;
|
||||
|
||||
const size_t c_VersionCodeLen = 1;
|
||||
|
||||
const size_t CIPHER_KEY_LEN = 32;
|
||||
const size_t CIPHER_IV_LEN = 16;
|
||||
const size_t MAC_KEY_LEN = 32;
|
||||
const size_t MAC_OUTPUT_LEN = 20;
|
||||
const size_t PBKDF_SALT_LEN = 10;
|
||||
//const size_t PBKDF_ITERATIONS = 8 * 1024;
|
||||
|
||||
const size_t PBKDF_OUTPUT_LEN = CIPHER_KEY_LEN + CIPHER_IV_LEN + MAC_KEY_LEN;
|
||||
|
||||
const char * const c_Cipher = "Serpent/CTR-BE";
|
||||
|
||||
const char * const c_IniGroupSecurity = "Security";
|
||||
#include <botan/psk_db_sql.h>
|
||||
#include <botan/sqlite3.h>
|
||||
#include <botan/scrypt.h>
|
||||
#include <boost/lexical_cast.hpp>
|
||||
|
||||
|
||||
|
||||
StrengthenedKey generateKey(const std::string &passphrase, const uint8_t *salt,
|
||||
int saltlength, int iterations)
|
||||
{
|
||||
PKCS5_PBKDF2 pbkdf(new HMAC(new SHA_512));
|
||||
OctetString master_key = pbkdf.derive_key(
|
||||
PBKDF_OUTPUT_LEN,
|
||||
passphrase,
|
||||
salt, saltlength,
|
||||
iterations);
|
||||
|
||||
const uint8_t* mk = master_key.begin();
|
||||
|
||||
return StrengthenedKey(
|
||||
SymmetricKey(mk, CIPHER_KEY_LEN),
|
||||
SymmetricKey(mk + CIPHER_KEY_LEN, MAC_KEY_LEN),
|
||||
InitializationVector(mk + CIPHER_KEY_LEN + MAC_KEY_LEN, CIPHER_IV_LEN));
|
||||
}
|
||||
|
||||
// secure_vector<uint8_t> pbkdf_salt(PBKDF_SALT_LEN);
|
||||
// rng.randomize( pbkdf_salt.data(), pbkdf_salt.size());
|
||||
// StrengthenedKey strengthened_key = generateKey(passphrase, pbkdf_salt.data(), pbkdf_salt.size());
|
||||
|
||||
|
||||
std::string encrypt(const std::string &input,
|
||||
const StrengthenedKey &strengthened_key)
|
||||
{
|
||||
|
||||
Pipe pipe(get_cipher(c_Cipher, strengthened_key.cipher_key,
|
||||
strengthened_key.iv, ENCRYPTION),
|
||||
new Fork(
|
||||
nullptr,
|
||||
new MAC_Filter(new HMAC(new SHA_512),
|
||||
strengthened_key.mac_key, MAC_OUTPUT_LEN)));
|
||||
|
||||
pipe.process_msg((const uint8_t*)input.data(), input.length());
|
||||
|
||||
/*
|
||||
Output format is:
|
||||
mac (20 bytes)
|
||||
ciphertext
|
||||
*/
|
||||
const size_t ciphertext_len = pipe.remaining(0);
|
||||
std::vector<uint8_t> out_buf(MAC_OUTPUT_LEN + ciphertext_len);
|
||||
|
||||
BOTAN_ASSERT_EQUAL(
|
||||
pipe.read(&out_buf[0], MAC_OUTPUT_LEN, 1),
|
||||
MAC_OUTPUT_LEN, "MAC output");
|
||||
BOTAN_ASSERT_EQUAL(
|
||||
pipe.read(&out_buf[MAC_OUTPUT_LEN], ciphertext_len, 0),
|
||||
ciphertext_len, "Ciphertext size");
|
||||
|
||||
return base64_encode(out_buf.data(), out_buf.size());
|
||||
}
|
||||
|
||||
std::string decrypt(const std::string &input, const StrengthenedKey &strengthened_key)
|
||||
{
|
||||
secure_vector<uint8_t> ciphertext = base64_decode(input);
|
||||
|
||||
if(ciphertext.size() < (MAC_OUTPUT_LEN)) {
|
||||
throw Decoding_Error("Invalid encrypted password input");
|
||||
}
|
||||
|
||||
Pipe pipe(new Fork(
|
||||
get_cipher(c_Cipher, strengthened_key.cipher_key, strengthened_key.iv, DECRYPTION),
|
||||
new MAC_Filter(new HMAC(new SHA_512), strengthened_key.mac_key, MAC_OUTPUT_LEN)
|
||||
));
|
||||
|
||||
const size_t ciphertext_offset = MAC_OUTPUT_LEN;
|
||||
pipe.process_msg(&ciphertext[ciphertext_offset], ciphertext.size() - ciphertext_offset);
|
||||
|
||||
uint8_t computed_mac[MAC_OUTPUT_LEN];
|
||||
BOTAN_ASSERT_EQUAL(MAC_OUTPUT_LEN, pipe.read(computed_mac, MAC_OUTPUT_LEN, 1), "MAC size");
|
||||
|
||||
if(!same_mem(computed_mac, &ciphertext[0], MAC_OUTPUT_LEN)) {
|
||||
throw Decoding_Error("Encrypted password integrity failure");
|
||||
}
|
||||
|
||||
return pipe.read_all_as_string(0);
|
||||
}
|
||||
|
||||
struct constants {
|
||||
const int pbkdf_salt_len;
|
||||
};
|
||||
|
||||
constants v1_consts = {
|
||||
10
|
||||
};
|
||||
|
||||
} // end of unnamed namespace
|
||||
|
||||
/*
|
||||
* File layout:
|
||||
*
|
||||
* Header
|
||||
* version
|
||||
* key_salt
|
||||
* hash_salt
|
||||
* master_hash
|
||||
*
|
||||
*
|
||||
* Passwords
|
||||
* key = pw
|
||||
*/
|
||||
|
||||
|
||||
|
||||
PasswordManager::PasswordManager(int iterations)
|
||||
: m_iterations(iterations)
|
||||
Botan::secure_vector<uint8_t> PasswordManager::KeyStrengthener::derive(const std::string &passphrase)
|
||||
{
|
||||
Botan::secure_vector<uint8_t> master_key(m_keySize);
|
||||
m_hasher->derive_key(master_key.data(), master_key.size(), passphrase.c_str(), passphrase.length(), m_salt.data(), m_salt.size());
|
||||
|
||||
return master_key;
|
||||
}
|
||||
|
||||
Expected<bool> PasswordManager::unlock(const std::string &master_password)
|
||||
void PasswordManager::KeyStrengthener::saveParams(std::shared_ptr<Botan::Sqlite3_Database> db, const std::string &table_name)
|
||||
{
|
||||
try {
|
||||
bool result = false;
|
||||
if (m_masterHash.length() == 0 && master_password.empty()) {
|
||||
result = true;
|
||||
} else {
|
||||
StrengthenedKey key = generateKey(master_password, m_keySalt.begin(),
|
||||
m_keySalt.length(), m_iterations);
|
||||
OctetString hash = hashStrengthenedKey(key, m_hashSalt);
|
||||
auto sc = dynamic_cast<Botan::Scrypt*>(m_hasher.get());
|
||||
size_t i1 = sc->N();
|
||||
size_t i2 = sc->r();
|
||||
size_t i3 = sc->p();
|
||||
|
||||
BOOST_ASSERT_MSG(hash.length() == m_masterHash.length(), "Both hashes should have the same length! Versioning error?");
|
||||
// SAVE parameters in database
|
||||
auto stmt = db->new_statement("INSERT INTO " + table_name + "(id, algo, i1, i2, i3, ks, salt) VALUES(?1, ?2, ?3, ?4, ?5)");
|
||||
stmt->bind(1, 1);
|
||||
stmt->bind(2, "Scrypt");
|
||||
stmt->bind(3, i1);
|
||||
stmt->bind(4, i2);
|
||||
stmt->bind(5, i3);
|
||||
stmt->bind(6, m_keySize);
|
||||
stmt->bind(7, Botan::base64_encode(m_salt));
|
||||
stmt->spin();
|
||||
|
||||
if (same_mem(m_masterHash.begin(), hash.begin(), hash.length())) {
|
||||
result = true;
|
||||
m_masterKey = key;
|
||||
}
|
||||
}
|
||||
return result;
|
||||
} catch (...) {
|
||||
return Expected<bool>::fromException();
|
||||
}
|
||||
|
||||
// -------------------------
|
||||
|
||||
void PasswordManager::openDatabase(std::shared_ptr<Botan::Sqlite3_Database> db, std::string passphrase)
|
||||
{
|
||||
// std::string psk_db_file_name;
|
||||
// auto db = std::make_shared<Botan::Sqlite3_Database>(psk_db_file_name);
|
||||
|
||||
KeyStrengthener ks;
|
||||
// if (database exists)
|
||||
if (isPskStoreInitialized(db)) {
|
||||
ks = getKeyStrengthener(db);
|
||||
}
|
||||
else {
|
||||
initializeNewPskStore(db);
|
||||
ks = createKeyStrengthener();
|
||||
ks.saveParams(db, m_secretAlgoTableName);
|
||||
}
|
||||
|
||||
Botan::secure_vector<uint8_t> master_key = ks.derive(passphrase);
|
||||
m_pskDatabase = std::make_unique<Botan::Encrypted_PSK_Database_SQL>(master_key, db, m_passwordTableName);
|
||||
}
|
||||
|
||||
|
||||
void PasswordManager::closeDatabase()
|
||||
{
|
||||
m_pskDatabase.reset();
|
||||
}
|
||||
|
||||
|
||||
void PasswordManager::set(const std::string &id, const std::string &passwd)
|
||||
{
|
||||
if (m_pskDatabase) {
|
||||
|
||||
}
|
||||
else {
|
||||
throw PasswordManagerLockedException();
|
||||
}
|
||||
}
|
||||
|
||||
Expected<bool> PasswordManager::changeMasterPassword(const std::string &old_master_password,
|
||||
const std::string &new_master_password)
|
||||
std::string PasswordManager::get(const std::string &id, const std::string &passwd)
|
||||
{
|
||||
try {
|
||||
bool result = false;
|
||||
if (m_masterHash.length() == 0 && old_master_password.empty()) {
|
||||
// Nothing set yet so we initialize for first use
|
||||
m_keySalt = OctetString(m_rng, v1_consts.pbkdf_salt_len);
|
||||
m_masterKey = generateKey(new_master_password, m_keySalt.begin(), m_keySalt.length(), m_iterations);
|
||||
if (m_pskDatabase) {
|
||||
|
||||
m_hashSalt = OctetString(m_rng, v1_consts.pbkdf_salt_len);
|
||||
m_masterHash = hashStrengthenedKey(m_masterKey, m_hashSalt);
|
||||
result = true;
|
||||
}
|
||||
return result;
|
||||
} catch (...) {
|
||||
return Expected<bool>::fromException();
|
||||
}
|
||||
else {
|
||||
throw PasswordManagerLockedException();
|
||||
}
|
||||
}
|
||||
|
||||
void PasswordManager::lock()
|
||||
void PasswordManager::remove(const std::string &id)
|
||||
{
|
||||
m_masterKey = StrengthenedKey();
|
||||
}
|
||||
if (m_pskDatabase) {
|
||||
|
||||
bool PasswordManager::locked() const
|
||||
{
|
||||
return m_masterKey.cipher_key.size() == 0;
|
||||
}
|
||||
|
||||
Expected<void> PasswordManager::savePassword(const std::string &key, const std::string &password)
|
||||
{
|
||||
if (locked()) {
|
||||
return Expected<void>::fromException(std::logic_error("Need to unlock the password manager first"));
|
||||
}
|
||||
std::string epw = encrypt(password, m_masterKey);
|
||||
m_store.emplace(key, epw);
|
||||
|
||||
return Expected<void>();
|
||||
}
|
||||
|
||||
Expected<bool> PasswordManager::getPassword(const std::string &key, std::string &out)
|
||||
{
|
||||
if (locked()) {
|
||||
return Expected<bool>::fromException(std::logic_error("Need to unlock the password manager first"));
|
||||
else {
|
||||
throw PasswordManagerLockedException();
|
||||
}
|
||||
auto fi = m_store.find(key);
|
||||
|
||||
bool result = false;
|
||||
if (fi != m_store.end()) {
|
||||
out = decrypt(fi->second, m_masterKey);
|
||||
result = true;
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
Botan::OctetString PasswordManager::hashStrengthenedKey(const StrengthenedKey &key, const OctetString &salt)
|
||||
|
||||
void PasswordManager::initializeNewPskStore(std::shared_ptr<Botan::Sqlite3_Database> db)
|
||||
{
|
||||
std::unique_ptr<Botan::HashFunction> hash3(Botan::HashFunction::create("SHA-3"));
|
||||
BOOST_ASSERT_MSG(hash3 != nullptr, "SHA-3 algorithm not available");
|
||||
hash3->update(salt.begin(), salt.length());
|
||||
hash3->update(key.cipher_key.begin(), key.cipher_key.length());
|
||||
hash3->update(key.mac_key.begin(), key.mac_key.length());
|
||||
hash3->update(key.iv.begin(), key.iv.length());
|
||||
return hash3->final();
|
||||
// Create tables
|
||||
// - psk_masterkey_algo
|
||||
// - psk_passwd
|
||||
std::string create_statement =
|
||||
"CREATE TABLE IF NOT EXISTS " + m_secretAlgoTableName + "( \n"
|
||||
" id INTEGER PRIMARY KEY \n"
|
||||
" algo TEXT \n"
|
||||
" i1 INTEGER \n"
|
||||
" i2 INTEGER \n"
|
||||
" i3 INTEGER \n"
|
||||
" ks INTEGER \n"
|
||||
" salt TEXT \n"
|
||||
");";
|
||||
db->create_table(create_statement);
|
||||
|
||||
}
|
||||
|
||||
bool PasswordManager::isPskStoreInitialized(std::shared_ptr<Botan::Sqlite3_Database> db)
|
||||
{
|
||||
// Is the table with the secret data present and filled?
|
||||
auto stmt = db->new_statement("SELECT name FROM sqlite_master WHERE type='table' AND name=?1");
|
||||
stmt->bind(1, m_secretAlgoTableName);
|
||||
bool ok = stmt->step();
|
||||
if (ok) {
|
||||
auto stmt = db->new_statement("SELECT algo FROM " + m_secretAlgoTableName + " WHERE id=1");
|
||||
return stmt->step();
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
PasswordManager::KeyStrengthener PasswordManager::getKeyStrengthener(std::shared_ptr<Botan::Sqlite3_Database> db)
|
||||
{
|
||||
auto stmt = db->new_statement("SELECT algo, i1, i2, i3, ks, salt FROM " + m_secretAlgoTableName + " WHERE id=1");
|
||||
if (stmt->step()) {
|
||||
std::string algo = stmt->get_str(0);
|
||||
size_t i1 = boost::lexical_cast<size_t>(stmt->get_str(1));
|
||||
size_t i2 = boost::lexical_cast<size_t>(stmt->get_str(2));
|
||||
size_t i3 = boost::lexical_cast<size_t>(stmt->get_str(3));
|
||||
size_t ks = boost::lexical_cast<size_t>(stmt->get_str(4));
|
||||
|
||||
auto pwh_fam = Botan::PasswordHashFamily::create(algo);
|
||||
return KeyStrengthener(
|
||||
pwh_fam->from_params(i1, i2, i3),
|
||||
Botan::base64_decode(stmt->get_str(5)),
|
||||
ks
|
||||
);
|
||||
}
|
||||
else {
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
PasswordManager::KeyStrengthener PasswordManager::createKeyStrengthener()
|
||||
{
|
||||
// std::unique_ptr<Botan::PasswordHash> pwh;
|
||||
|
||||
size_t key_size = 64;
|
||||
Botan::secure_vector<uint8_t> salt(key_size);
|
||||
Botan::AutoSeeded_RNG rng;
|
||||
rng.randomize(salt.data(), salt.size());
|
||||
|
||||
const std::string algo = "Scrypt";
|
||||
auto pwh_fam = Botan::PasswordHashFamily::create(algo);
|
||||
return KeyStrengthener(
|
||||
pwh_fam->tune(key_size, std::chrono::seconds(2), 130),
|
||||
salt,
|
||||
key_size
|
||||
);
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue