improve store passphrase generation

msladek · msladek · commit 96d6a0344667 · 2022-01-08T20:46:14.000+01:00
diff --git a/cmd/enpasscli/main.go b/cmd/enpasscli/main.go
@@ -155,9 +155,11 @@ func main() {
 		return
 	}
 
-	accessData := &enpass.VaultAccessData{}
-	accessData.KeyfilePath = *keyFilePath
-	accessData.Password = os.Getenv("MASTERPW")
+	accessData := &enpass.VaultAccessData{
+		VaultPath:   *vaultPath,
+		KeyfilePath: *keyFilePath,
+		Password:    os.Getenv("MASTERPW"),
+	}
 
 	var store *pin.SecureStore
 	if !*pinEnabled {
@@ -173,7 +175,7 @@ func main() {
 	vault := enpass.Vault{Logger: *logrus.New()}
 	vault.Logger.SetLevel(logger.Level)
 
-	if err := vault.Initialize(*vaultPath, accessData); err != nil {
+	if err := vault.Initialize(accessData); err != nil {
 		logger.WithError(err).Error("could not open vault")
 		logger.Exit(2)
 	}
@@ -209,13 +211,12 @@ func initAndReadSecureStore(logger *logrus.Logger, accessData *enpass.VaultAcces
 		storePin = prompt(logger, "PIN")
 	}
 	logger.Debug("initialising secure store")
-	store, err := pin.NewSecureStore(storePin)
+	store, err := pin.NewSecureStore(storePin, accessData.VaultPath)
 	if err != nil {
 		logger.WithError(err).Fatal("could not initialise secure store")
 	}
 	logger.Debug("reading from store")
 	if accessData.DBKey, err = store.Read(); err != nil {
-		// TODO debug ?
 		logger.WithError(err).Fatal("could not read access data from store")
 	}
 	return store
diff --git a/pkg/enpass/vault.go b/pkg/enpass/vault.go
@@ -43,13 +43,15 @@ type Vault struct {
 }
 
 type VaultAccessData struct {
+	VaultPath   string
 	KeyfilePath string
 	Password    string
 	DBKey       []byte
 }
 
 func (accessData *VaultAccessData) IsComplete() bool {
-	return accessData.Password != "" || accessData.DBKey != nil
+	return accessData.VaultPath != "" &&
+		(accessData.Password != "" || accessData.DBKey != nil)
 }
 
 func (v *Vault) openEncryptedDatabase(path string, dbKey []byte) (err error) {
@@ -76,7 +78,7 @@ func (v *Vault) generateAndSetDBKey(accessData *VaultAccessData) error {
 	}
 
 	if accessData.Password == "" {
-		return errors.New("empty v password provided")
+		return errors.New("empty vault password provided")
 	}
 
 	if accessData.KeyfilePath == "" && v.vaultInfo.HasKeyfile == 1 {
@@ -88,7 +90,7 @@ func (v *Vault) generateAndSetDBKey(accessData *VaultAccessData) error {
 	v.Logger.Debug("generating master password")
 	masterPassword, err := v.generateMasterPassword([]byte(accessData.Password), accessData.KeyfilePath)
 	if err != nil {
-		return errors.Wrap(err, "could not generate v unlock key")
+		return errors.Wrap(err, "could not generate vault unlock key")
 	}
 
 	v.Logger.Debug("extracting salt from database")
@@ -119,17 +121,17 @@ func (v *Vault) checkPaths() error {
 }
 
 // Initialize : setup a connection to the Enpass database. Call this before doing anything.
-func (v *Vault) Initialize(databasePath string, accessData *VaultAccessData) error {
-	if databasePath == "" {
-		return errors.New("empty v path provided")
+func (v *Vault) Initialize(accessData *VaultAccessData) error {
+	if accessData.VaultPath == "" {
+		return errors.New("empty vault path provided")
 	}
 
-	v.databaseFilename = filepath.Join(databasePath, vaultFileName)
-	v.vaultInfoFilename = filepath.Join(databasePath, vaultInfoFileName)
+	v.databaseFilename = filepath.Join(accessData.VaultPath, vaultFileName)
+	v.vaultInfoFilename = filepath.Join(accessData.VaultPath, vaultInfoFileName)
 
-	v.Logger.Debug("checking provided v paths")
+	v.Logger.Debug("checking provided vault paths")
 	if err := v.checkPaths(); err != nil {
-		return errors.Wrap(err, "invalid v path provided")
+		return errors.Wrap(err, "invalid vault path provided")
 	}
 
 	v.Logger.Debug("loading vault info")
diff --git a/pkg/pin/aes256gcm.go b/pkg/pin/aes256gcm.go
@@ -18,15 +18,22 @@ const (
 	minKdfIterCount = 10000
 )
 
-func deriveKey(passphrase string, salt []byte, kdfIterCount int) ([]byte, []byte) {
-	if salt == nil {
-		salt = make([]byte, saltLength)
-		rand.Read(salt) // Salt http://www.ietf.org/rfc/rfc2898.txt
-	}
+func sha256sum(data []byte) []byte {
+	sum := sha256.Sum256(data)
+	return sum[:]
+}
+
+func generateSalt() []byte {
+	salt := make([]byte, saltLength)
+	rand.Read(salt) // Salt http://www.ietf.org/rfc/rfc2898.txt
+	return salt
+}
+
+func deriveKey(passphrase []byte, salt []byte, kdfIterCount int) []byte {
 	if kdfIterCount < minKdfIterCount {
 		kdfIterCount = minKdfIterCount
 	}
-	return pbkdf2.Key([]byte(passphrase), salt, kdfIterCount, sha256.Size, sha256.New), salt
+	return pbkdf2.Key(passphrase, salt, kdfIterCount, sha256.Size, sha256.New)
 }
 
 func createCipherGCM(key []byte) (cipher.AEAD, error) {
@@ -37,8 +44,9 @@ func createCipherGCM(key []byte) (cipher.AEAD, error) {
 	return cipher.NewGCM(b)
 }
 
-func encrypt(passphrase string, plaintext []byte, kdfIterCount int) (string, error) {
-	key, salt := deriveKey(passphrase, nil, kdfIterCount)
+func encrypt(passphrase []byte, plaintext []byte, kdfIterCount int) (string, error) {
+	salt := generateSalt()
+	key := deriveKey(passphrase, salt, kdfIterCount)
 	iv := make([]byte, 12)
 	rand.Read(iv) // Section 8.2 http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
 	aesgcm, err := createCipherGCM(key)
@@ -49,12 +57,12 @@ func encrypt(passphrase string, plaintext []byte, kdfIterCount int) (string, err
 	return hex.EncodeToString(salt) + "-" + hex.EncodeToString(iv) + "-" + hex.EncodeToString(data), nil
 }
 
-func decrypt(passphrase, ciphertext string, kdfIterCount int) ([]byte, error) {
+func decrypt(passphrase []byte, ciphertext string, kdfIterCount int) ([]byte, error) {
 	arr := strings.Split(ciphertext, "-")
 	salt, _ := hex.DecodeString(arr[0])
 	iv, _ := hex.DecodeString(arr[1])
 	data, _ := hex.DecodeString(arr[2])
-	key, _ := deriveKey(passphrase, salt, kdfIterCount)
+	key := deriveKey(passphrase, salt, kdfIterCount)
 	aesgcm, err := createCipherGCM(key)
 	if err != nil {
 		return nil, err
diff --git a/pkg/pin/securestore.go b/pkg/pin/securestore.go
@@ -1,54 +1,72 @@
 package pin
 
 import (
-	"errors"
+	"bytes"
 	"os"
+	"os/exec"
 	"path/filepath"
+
+	"github.com/pkg/errors"
 )
 
 const (
-	storeFileName = "enpasscli.mpw"
-	kdfIterCount  = 100000
+	fileNamePref = "enpasscli-"
+	fileMode     = 0600
+	kdfIterCount = 100000
+	minPinLength = 8
 )
 
 type SecureStore struct {
 	filePath            string
-	passphrase          string
+	passphrase          []byte
 	wasReadSuccessfully bool
 }
 
-func NewSecureStore(pin string) (*SecureStore, error) {
-	dirPath := os.Getenv("XDG_RUNTIME_DIR")
-	if dirPath == "" {
-		dirPath = os.TempDir()
+func NewSecureStore(pin string, vaultPath string) (*SecureStore, error) {
+	if len(pin) < minPinLength {
+		return nil, errors.New("PIN too short")
 	}
-	// TODO check dir read/writeablility ?
-	if passphrase, err := generatePassphrase(pin); err != nil {
+	file, err := getOrCreateStoreFile(vaultPath)
+	if err != nil {
+		return nil, errors.Wrap(err, "could not create store file")
+	}
+	if passphrase, err := generatePassphrase(pin, file); err != nil {
 		return nil, err
 	} else {
 		return &SecureStore{
-			filePath:            filepath.Join(dirPath, storeFileName),
+			filePath:            file.Name(),
 			passphrase:          passphrase,
 			wasReadSuccessfully: false,
 		}, nil
 	}
 }
 
-func generatePassphrase(pin string) (string, error) {
-	if pin == "" {
-		return "", errors.New("PIN not set")
+func getOrCreateStoreFile(vaultPath string) (*os.File, error) {
+	dirPath := os.Getenv("XDG_RUNTIME_DIR")
+	if dirPath == "" {
+		dirPath = os.TempDir()
+	}
+	fileName := fileNamePref + filepath.Base(vaultPath)
+	return os.OpenFile(filepath.Join(dirPath, fileName), os.O_CREATE, fileMode)
+}
+
+// this is more obscurity than security but can make trivial attack vectors more difficult
+func generatePassphrase(pin string, file *os.File) ([]byte, error) {
+	data := []byte(pin)
+	lastboot, err := exec.Command("who", "-b").Output()
+	if err != nil {
+		return nil, errors.Wrap(err, "could not retrieve last boot time")
 	}
-	// TODO check PIN length / quality
-	// TODO calc passphrase
-	return pin, nil
+	data = append(data, bytes.TrimSpace(lastboot)...)
+	return sha256sum(data), nil
 }
 
 func (store *SecureStore) Read() ([]byte, error) {
-	if store.passphrase == "" {
+	if store.passphrase == nil {
 		return nil, errors.New("empty store passphrase")
 	}
 	data, _ := os.ReadFile(store.filePath)
-	if data == nil {
+	if data == nil || len(data) == 0 {
 		return nil, nil // nothing to read
 	}
 	dbKey, err := decrypt(store.passphrase, string(data), kdfIterCount)
@@ -63,14 +81,14 @@ func (store *SecureStore) Write(dbKey []byte) error {
 	if store.wasReadSuccessfully {
 		return nil // no need to overwrite the file if read was already successful
 	}
-	if store.passphrase == "" {
+	if store.passphrase == nil {
 		return errors.New("empty store passphrase")
 	}
 	data, err := encrypt(store.passphrase, dbKey, kdfIterCount)
 	if err != nil {
 		return err
 	}
-	return os.WriteFile(store.filePath, []byte(data), 0600)
+	return os.WriteFile(store.filePath, []byte(data), fileMode)
 }
 
 func (store *SecureStore) Clear() error {

Original file line number	Diff line number	Diff line change
`@@ -43,13 +43,15 @@ type Vault struct {`
`43`	`43`	`}`
`44`	`44`
`45`	`45`	`type VaultAccessData struct {`
	`46`	`+ VaultPath string`
`46`	`47`	`KeyfilePath string`
`47`	`48`	`Password string`
`48`	`49`	`DBKey []byte`
`49`	`50`	`}`
`50`	`51`
`51`	`52`	`func (accessData *VaultAccessData) IsComplete() bool {`
`52`		`- return accessData.Password != "" \|\| accessData.DBKey != nil`
	`53`	`+ return accessData.VaultPath != "" &&`
	`54`	`+ (accessData.Password != "" \|\| accessData.DBKey != nil)`
`53`	`55`	`}`
`54`	`56`
`55`	`57`	`func (v *Vault) openEncryptedDatabase(path string, dbKey []byte) (err error) {`
`@@ -76,7 +78,7 @@ func (v Vault) generateAndSetDBKey(accessData VaultAccessData) error {`
`76`	`78`	`}`
`77`	`79`
`78`	`80`	`if accessData.Password == "" {`
`79`		`- return errors.New("empty v password provided")`
	`81`	`+ return errors.New("empty vault password provided")`
`80`	`82`	`}`
`81`	`83`
`82`	`84`	`if accessData.KeyfilePath == "" && v.vaultInfo.HasKeyfile == 1 {`
`@@ -88,7 +90,7 @@ func (v Vault) generateAndSetDBKey(accessData VaultAccessData) error {`
`88`	`90`	`v.Logger.Debug("generating master password")`
`89`	`91`	`masterPassword, err := v.generateMasterPassword([]byte(accessData.Password), accessData.KeyfilePath)`
`90`	`92`	`if err != nil {`
`91`		`- return errors.Wrap(err, "could not generate v unlock key")`
	`93`	`+ return errors.Wrap(err, "could not generate vault unlock key")`
`92`	`94`	`}`
`93`	`95`
`94`	`96`	`v.Logger.Debug("extracting salt from database")`
`@@ -119,17 +121,17 @@ func (v *Vault) checkPaths() error {`
`119`	`121`	`}`
`120`	`122`
`121`	`123`	`// Initialize : setup a connection to the Enpass database. Call this before doing anything.`
`122`		`-func (v Vault) Initialize(databasePath string, accessData VaultAccessData) error {`
`123`		`- if databasePath == "" {`
`124`		`- return errors.New("empty v path provided")`
	`124`	`+func (v Vault) Initialize(accessData VaultAccessData) error {`
	`125`	`+ if accessData.VaultPath == "" {`
	`126`	`+ return errors.New("empty vault path provided")`
`125`	`127`	`}`
`126`	`128`
`127`		`- v.databaseFilename = filepath.Join(databasePath, vaultFileName)`
`128`		`- v.vaultInfoFilename = filepath.Join(databasePath, vaultInfoFileName)`
	`129`	`+ v.databaseFilename = filepath.Join(accessData.VaultPath, vaultFileName)`
	`130`	`+ v.vaultInfoFilename = filepath.Join(accessData.VaultPath, vaultInfoFileName)`
`129`	`131`
`130`		`- v.Logger.Debug("checking provided v paths")`
	`132`	`+ v.Logger.Debug("checking provided vault paths")`
`131`	`133`	`if err := v.checkPaths(); err != nil {`
`132`		`- return errors.Wrap(err, "invalid v path provided")`
	`134`	`+ return errors.Wrap(err, "invalid vault path provided")`
`133`	`135`	`}`
`134`	`136`
`135`	`137`	`v.Logger.Debug("loading vault info")`