Fix keyring locked detection

This commit is contained in:
Bernd Schoolmann 2023-12-22 12:43:38 +01:00
parent ebe3dd44b5
commit 6311d6fbac
No known key found for this signature in database
6 changed files with 33 additions and 19 deletions


@ -89,14 +89,14 @@ func handleLogin(msg messages.IPCMessage, cfg *config.Config, vault *vault.Vault
return
}
cfg.SetUserSymmetricKey(vault.Keyring.AccountKey.Bytes())
cfg.SetUserSymmetricKey(vault.Keyring.GetAccountKey().Bytes())
cfg.SetMasterPasswordHash([]byte(masterpasswordHash))
cfg.SetMasterKey([]byte(masterKey.GetBytes()))
var protectedUserSymetricKey crypto.SymmetricEncryptionKey
if vault.Keyring.IsMemguard {
protectedUserSymetricKey, err = crypto.MemguardSymmetricEncryptionKeyFromBytes(vault.Keyring.AccountKey.Bytes())
protectedUserSymetricKey, err = crypto.MemguardSymmetricEncryptionKeyFromBytes(vault.Keyring.GetAccountKey().Bytes())
} else {
protectedUserSymetricKey, err = crypto.MemorySymmetricEncryptionKeyFromBytes(vault.Keyring.AccountKey.Bytes())
protectedUserSymetricKey, err = crypto.MemorySymmetricEncryptionKeyFromBytes(vault.Keyring.GetAccountKey().Bytes())
}
if err != nil {
var payload = messages.ActionResponse{
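Review bot: `vault.Keyring.GetAccountKey().Bytes()` is evaluated three times in this hunk, and `GetAccountKey` returns a nil interface after `Lock()`, so a locked keyring would now panic on the `.Bytes()` call instead of failing the login cleanly; a guard such as `if vault.Keyring.IsLocked() { /* respond with an error ActionResponse and return */ }` before the first use, or a single `accountKey := vault.Keyring.GetAccountKey()` checked once, covers all three call sites. Re-wrapping the key through `.Bytes()` also presumably copies the secret into an ordinary byte slice even on the `IsMemguard` branch, so that exposure deserves a comment if it is accepted, or a direct clone of the protected key if the type offers one. handleLogin continues past the end of the hunk.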


@ -47,7 +47,7 @@ func InitKeyringFromMasterKey(keyring *Keyring, accountKey EncString, accountPri
return err
}
keyring.AccountKey = accountSymmetricKey
keyring.UnlockWithAccountKey(accountSymmetricKey)
pkcs8PrivateKey, err := DecryptWith(accountPrivateKey, accountSymmetricKey)
if err != nil {
@ -64,7 +64,7 @@ func InitKeyringFromMasterKey(keyring *Keyring, accountKey EncString, accountPri
}
func InitKeyringFromUserSymmetricKey(keyring *Keyring, accountSymmetricKey SymmetricEncryptionKey, accountPrivateKey EncString, orgKeys map[string]string) error {
keyring.AccountKey = accountSymmetricKey
keyring.UnlockWithAccountKey(accountSymmetricKey)
pkcs8PrivateKey, err := DecryptWith(accountPrivateKey, accountSymmetricKey)
if err != nil {
return err
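Review bot: `keyring.UnlockWithAccountKey(accountSymmetricKey)` now marks the keyring unlocked before the private key is decrypted, so when `DecryptWith(accountPrivateKey, accountSymmetricKey)` fails and this function returns `err`, the keyring is left reporting unlocked with an account key set but no asymmetric key; `InitKeyringFromMasterKey` in the first hunk has the same ordering. Either move the unlock call after every key has been derived, or reset on the error path with `keyring.Lock(); return err`. The remainder of both functions lies outside the hunks.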


@ -9,7 +9,8 @@ import (
var keyringLog = logging.GetLogger("Goldwarden", "Keyring")
type Keyring struct {
AccountKey SymmetricEncryptionKey
isLocked bool
accountKey SymmetricEncryptionKey
AsymmetricEncyryptionKey AsymmetricEncryptionKey
IsMemguard bool
OrganizationKeys map[string]string
@ -18,28 +19,41 @@ type Keyring struct {
func NewMemoryKeyring(accountKey *MemorySymmetricEncryptionKey) Keyring {
keyringLog.Info("Creating new memory keyring")
return Keyring{
AccountKey: accountKey,
isLocked: accountKey == nil,
accountKey: accountKey,
}
}
func NewMemguardKeyring(accountKey *MemguardSymmetricEncryptionKey) Keyring {
keyringLog.Info("Creating new memguard keyring")
return Keyring{
AccountKey: accountKey,
isLocked: accountKey == nil,
accountKey: accountKey,
}
}
func (keyring Keyring) IsLocked() bool {
return keyring.AccountKey == nil
return keyring.isLocked
}
func (keyring *Keyring) Lock() {
keyringLog.Info("Locking keyring")
keyring.AccountKey = nil
keyring.isLocked = true
keyring.accountKey = nil
keyring.AsymmetricEncyryptionKey = MemoryAsymmetricEncryptionKey{}
keyring.OrganizationKeys = nil
}
func (keyring *Keyring) UnlockWithAccountKey(accountKey SymmetricEncryptionKey) {
keyringLog.Info("Unlocking keyring with account key")
keyring.isLocked = false
keyring.accountKey = accountKey
}
func (keyring *Keyring) GetAccountKey() SymmetricEncryptionKey {
return keyring.accountKey
}
func (keyring *Keyring) GetSymmetricKeyForOrganization(uuid string) (SymmetricEncryptionKey, error) {
if key, ok := keyring.OrganizationKeys[uuid]; ok {
decryptedOrgKey, err := DecryptWithAsymmetric([]byte(key), keyring.AsymmetricEncyryptionKey)
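Review bot: `UnlockWithAccountKey` sets `isLocked = false` without inspecting the key it was handed, so a nil key (or a typed-nil pointer boxed into the `SymmetricEncryptionKey` interface) leaves the keyring reporting unlocked with nothing usable in `accountKey`; the two constructors do guard this with `accountKey == nil` on the concrete pointer before it is boxed, and that boxing is presumably why the old `AccountKey == nil` test in `IsLocked` misfired. Add the same guard at the top of `UnlockWithAccountKey`, `if accountKey == nil { keyring.Lock(); return }`, and say in its doc comment that a typed-nil pointer still passes it, so callers must hand it a real key. `IsLocked` keeps a value receiver while `Lock`, `UnlockWithAccountKey` and `GetAccountKey` use pointers, so every `IsLocked()` call copies the whole struct including the key handles; `func (keyring *Keyring) IsLocked() bool` keeps the receiver set consistent. The new exported methods carry no doc comments; `GetAccountKey` in particular should state that it returns whatever was last stored, which is nil after `Lock()`.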


@ -150,5 +150,5 @@ func (cipher Cipher) GetKeyForCipher(keyring crypto.Keyring) (crypto.SymmetricEn
if cipher.OrganizationID != nil {
return keyring.GetSymmetricKeyForOrganization(cipher.OrganizationID.String())
}
return keyring.AccountKey, nil
return keyring.GetAccountKey(), nil
}
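Review bot: The account-key branch returns `keyring.GetAccountKey(), nil` even when the keyring is locked, handing the caller a nil key together with a nil error; now that `IsLocked()` is the authoritative state this wants a guard before the return, `if keyring.IsLocked() { return nil, errors.New("keyring is locked") }` (assuming `errors` is imported in this file, otherwise `fmt.Errorf`). `keyring` is passed by value here, so the pointer-receiver getter operates on the local copy, which works but copies the key handles on every call. The function's signature sits in the hunk header, outside the visible lines.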


@ -441,7 +441,7 @@ func (cfg *Config) TryUnlock(vault *vault.Vault) error {
if err != nil {
return err
}
vault.Keyring.AccountKey = key
vault.Keyring.UnlockWithAccountKey(key)
} else {
cfg.Lock()
return err


@ -30,13 +30,13 @@ func NewSSHKeyCipher(name string, keyring *crypto.Keyring) (models.Cipher, strin
privatePEM := pem.EncodeToMemory(&privBlock)
publicKey, err := ssh.NewPublicKey(pub)
encryptedName, _ := crypto.EncryptWith([]byte(name), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
encryptedPublicKeyKey, _ := crypto.EncryptWith([]byte("public-key"), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
encryptedPublicKeyValue, _ := crypto.EncryptWith([]byte(string(ssh.MarshalAuthorizedKey(publicKey))), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
encryptedCustomTypeKey, _ := crypto.EncryptWith([]byte("custom-type"), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
encryptedCustomTypeValue, _ := crypto.EncryptWith([]byte("ssh-key"), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
encryptedPrivateKeyKey, _ := crypto.EncryptWith([]byte("private-key"), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
encryptedPrivateKeyValue, _ := crypto.EncryptWith(privatePEM, crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
encryptedName, _ := crypto.EncryptWith([]byte(name), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
encryptedPublicKeyKey, _ := crypto.EncryptWith([]byte("public-key"), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
encryptedPublicKeyValue, _ := crypto.EncryptWith([]byte(string(ssh.MarshalAuthorizedKey(publicKey))), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
encryptedCustomTypeKey, _ := crypto.EncryptWith([]byte("custom-type"), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
encryptedCustomTypeValue, _ := crypto.EncryptWith([]byte("ssh-key"), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
encryptedPrivateKeyKey, _ := crypto.EncryptWith([]byte("private-key"), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
encryptedPrivateKeyValue, _ := crypto.EncryptWith(privatePEM, crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
cipher := models.Cipher{
Type: models.CipherNote,
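Review bot: Every `crypto.EncryptWith` call in this hunk discards its error with `_`, so if `keyring.GetAccountKey()` is nil because the keyring is locked, or encryption fails for any other reason, the cipher is presumably assembled from zero-value `EncString`s and the SSH private key in `privatePEM` is silently lost rather than stored. Check `keyring.IsLocked()` at the top of the function and return an error, and handle each `err` instead of discarding it; `publicKey, err := ssh.NewPublicKey(pub)` on the line above is likewise never checked before `ssh.MarshalAuthorizedKey(publicKey)` is called. The function's return list and the rest of its body lie outside the hunk, so I cannot confirm whether an `error` slot already exists to carry this.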