mirror of
https://github.com/quexten/goldwarden.git
synced 2024-12-24 20:03:22 +03:00
Fix keyring locked detection
parent
ebe3dd44b5
commit
6311d6fbac
@ -89,14 +89,14 @@ func handleLogin(msg messages.IPCMessage, cfg *config.Config, vault *vault.Vault
|
||||
return
|
||||
}
|
||||
|
||||
cfg.SetUserSymmetricKey(vault.Keyring.AccountKey.Bytes())
|
||||
cfg.SetUserSymmetricKey(vault.Keyring.GetAccountKey().Bytes())
|
||||
cfg.SetMasterPasswordHash([]byte(masterpasswordHash))
|
||||
cfg.SetMasterKey([]byte(masterKey.GetBytes()))
|
||||
var protectedUserSymetricKey crypto.SymmetricEncryptionKey
|
||||
if vault.Keyring.IsMemguard {
|
||||
protectedUserSymetricKey, err = crypto.MemguardSymmetricEncryptionKeyFromBytes(vault.Keyring.AccountKey.Bytes())
|
||||
protectedUserSymetricKey, err = crypto.MemguardSymmetricEncryptionKeyFromBytes(vault.Keyring.GetAccountKey().Bytes())
|
||||
} else {
|
||||
protectedUserSymetricKey, err = crypto.MemorySymmetricEncryptionKeyFromBytes(vault.Keyring.AccountKey.Bytes())
|
||||
protectedUserSymetricKey, err = crypto.MemorySymmetricEncryptionKeyFromBytes(vault.Keyring.GetAccountKey().Bytes())
|
||||
}
|
||||
if err != nil {
|
||||
var payload = messages.ActionResponse{
|
||||
|
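Review bot: `vault.Keyring.GetAccountKey()` is dereferenced with `.Bytes()` three times in this hunk without an `IsLocked()` or nil check, and the getter hands out `accountKey` regardless of `isLocked`. After `Lock()` that field is nil, so any path that reaches these calls on a locked keyring would panic instead of returning an error response. The same unchecked use appears in `GetKeyForCipher`, which would return a nil key together with a nil error, and in `NewSSHKeyCipher`. Reading the key once, e.g. `accountKey := vault.Keyring.GetAccountKey()`, and rejecting the request when `vault.Keyring.IsLocked()` is true would make the locked case explicit. handleLogin starts and ends outside the hunk, so an earlier guard may already exist.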
@ -47,7 +47,7 @@ func InitKeyringFromMasterKey(keyring *Keyring, accountKey EncString, accountPri
|
||||
return err
|
||||
}
|
||||
|
||||
keyring.AccountKey = accountSymmetricKey
|
||||
keyring.UnlockWithAccountKey(accountSymmetricKey)
|
||||
|
||||
pkcs8PrivateKey, err := DecryptWith(accountPrivateKey, accountSymmetricKey)
|
||||
if err != nil {
|
||||
@ -64,7 +64,7 @@ func InitKeyringFromMasterKey(keyring *Keyring, accountKey EncString, accountPri
|
||||
}
|
||||
|
||||
func InitKeyringFromUserSymmetricKey(keyring *Keyring, accountSymmetricKey SymmetricEncryptionKey, accountPrivateKey EncString, orgKeys map[string]string) error {
|
||||
keyring.AccountKey = accountSymmetricKey
|
||||
keyring.UnlockWithAccountKey(accountSymmetricKey)
|
||||
pkcs8PrivateKey, err := DecryptWith(accountPrivateKey, accountSymmetricKey)
|
||||
if err != nil {
|
||||
return err
|
||||
|
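Review bot: `keyring.UnlockWithAccountKey(accountSymmetricKey)` runs before `DecryptWith(accountPrivateKey, accountSymmetricKey)` has succeeded, so when that decryption fails the function returns an error but leaves the keyring reporting `IsLocked() == false` with a key that could not decrypt the private key. This applies to both `InitKeyringFromMasterKey` and `InitKeyringFromUserSymmetricKey`. Either move the unlock call below the error check or undo it on failure, `if err != nil { keyring.Lock(); return err }`. Both function bodies continue outside the hunks, so later code may already reset the state.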
@ -9,7 +9,8 @@ import (
|
||||
var keyringLog = logging.GetLogger("Goldwarden", "Keyring")
|
||||
|
||||
type Keyring struct {
|
||||
AccountKey SymmetricEncryptionKey
|
||||
isLocked bool
|
||||
accountKey SymmetricEncryptionKey
|
||||
AsymmetricEncyryptionKey AsymmetricEncryptionKey
|
||||
IsMemguard bool
|
||||
OrganizationKeys map[string]string
|
||||
@ -18,28 +19,41 @@ type Keyring struct {
|
||||
func NewMemoryKeyring(accountKey *MemorySymmetricEncryptionKey) Keyring {
|
||||
keyringLog.Info("Creating new memory keyring")
|
||||
return Keyring{
|
||||
AccountKey: accountKey,
|
||||
isLocked: accountKey == nil,
|
||||
accountKey: accountKey,
|
||||
}
|
||||
}
|
||||
|
||||
func NewMemguardKeyring(accountKey *MemguardSymmetricEncryptionKey) Keyring {
|
||||
keyringLog.Info("Creating new memguard keyring")
|
||||
return Keyring{
|
||||
AccountKey: accountKey,
|
||||
isLocked: accountKey == nil,
|
||||
accountKey: accountKey,
|
||||
}
|
||||
}
|
||||
|
||||
func (keyring Keyring) IsLocked() bool {
|
||||
return keyring.AccountKey == nil
|
||||
return keyring.isLocked
|
||||
}
|
||||
|
||||
func (keyring *Keyring) Lock() {
|
||||
keyringLog.Info("Locking keyring")
|
||||
keyring.AccountKey = nil
|
||||
keyring.isLocked = true
|
||||
keyring.accountKey = nil
|
||||
keyring.AsymmetricEncyryptionKey = MemoryAsymmetricEncryptionKey{}
|
||||
keyring.OrganizationKeys = nil
|
||||
}
|
||||
|
||||
func (keyring *Keyring) UnlockWithAccountKey(accountKey SymmetricEncryptionKey) {
|
||||
keyringLog.Info("Unlocking keyring with account key")
|
||||
keyring.isLocked = false
|
||||
keyring.accountKey = accountKey
|
||||
}
|
||||
|
||||
func (keyring *Keyring) GetAccountKey() SymmetricEncryptionKey {
|
||||
return keyring.accountKey
|
||||
}
|
||||
|
||||
func (keyring *Keyring) GetSymmetricKeyForOrganization(uuid string) (SymmetricEncryptionKey, error) {
|
||||
if key, ok := keyring.OrganizationKeys[uuid]; ok {
|
||||
decryptedOrgKey, err := DecryptWithAsymmetric([]byte(key), keyring.AsymmetricEncyryptionKey)
|
||||
|
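Review bot: `NewMemoryKeyring` and `NewMemguardKeyring` still assign the possibly-nil typed pointer to the `accountKey` interface field, so for a locked keyring the field holds a non-nil interface wrapping a nil pointer, presumably the same trap that made the old `AccountKey == nil` test unreliable. `GetAccountKey()` then returns a value that passes a `!= nil` check but may fail on use. `UnlockWithAccountKey` has the mirror-image gap: it sets `isLocked = false` for whatever it is given, including nil. I would store the key only when it is present, as below for the memory constructor (the memguard one is analogous), and have `UnlockWithAccountKey` return early on a nil key.
```go
func NewMemoryKeyring(accountKey *MemorySymmetricEncryptionKey) Keyring {
	keyringLog.Info("Creating new memory keyring")
	keyring := Keyring{isLocked: true}
	if accountKey != nil {
		// Assign only a real key so the interface field stays a true nil while locked.
		keyring.isLocked = false
		keyring.accountKey = accountKey
	}
	return keyring
}
```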
@ -150,5 +150,5 @@ func (cipher Cipher) GetKeyForCipher(keyring crypto.Keyring) (crypto.SymmetricEn
|
||||
if cipher.OrganizationID != nil {
|
||||
return keyring.GetSymmetricKeyForOrganization(cipher.OrganizationID.String())
|
||||
}
|
||||
return keyring.AccountKey, nil
|
||||
return keyring.GetAccountKey(), nil
|
||||
}
|
||||
|
@ -441,7 +441,7 @@ func (cfg *Config) TryUnlock(vault *vault.Vault) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
vault.Keyring.AccountKey = key
|
||||
vault.Keyring.UnlockWithAccountKey(key)
|
||||
} else {
|
||||
cfg.Lock()
|
||||
return err
|
||||
|
@ -30,13 +30,13 @@ func NewSSHKeyCipher(name string, keyring *crypto.Keyring) (models.Cipher, strin
|
||||
privatePEM := pem.EncodeToMemory(&privBlock)
|
||||
publicKey, err := ssh.NewPublicKey(pub)
|
||||
|
||||
encryptedName, _ := crypto.EncryptWith([]byte(name), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
|
||||
encryptedPublicKeyKey, _ := crypto.EncryptWith([]byte("public-key"), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
|
||||
encryptedPublicKeyValue, _ := crypto.EncryptWith([]byte(string(ssh.MarshalAuthorizedKey(publicKey))), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
|
||||
encryptedCustomTypeKey, _ := crypto.EncryptWith([]byte("custom-type"), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
|
||||
encryptedCustomTypeValue, _ := crypto.EncryptWith([]byte("ssh-key"), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
|
||||
encryptedPrivateKeyKey, _ := crypto.EncryptWith([]byte("private-key"), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
|
||||
encryptedPrivateKeyValue, _ := crypto.EncryptWith(privatePEM, crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
|
||||
encryptedName, _ := crypto.EncryptWith([]byte(name), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
|
||||
encryptedPublicKeyKey, _ := crypto.EncryptWith([]byte("public-key"), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
|
||||
encryptedPublicKeyValue, _ := crypto.EncryptWith([]byte(string(ssh.MarshalAuthorizedKey(publicKey))), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
|
||||
encryptedCustomTypeKey, _ := crypto.EncryptWith([]byte("custom-type"), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
|
||||
encryptedCustomTypeValue, _ := crypto.EncryptWith([]byte("ssh-key"), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
|
||||
encryptedPrivateKeyKey, _ := crypto.EncryptWith([]byte("private-key"), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
|
||||
encryptedPrivateKeyValue, _ := crypto.EncryptWith(privatePEM, crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
|
||||
|
||||
cipher := models.Cipher{
|
||||
Type: models.CipherNote,
|
||||
|
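Review bot: All seven `crypto.EncryptWith` calls on the new side still discard their error with `_`, so a failed encryption (for instance with a nil key from `GetAccountKey()` on a locked keyring) would go unnoticed and the cipher would be assembled from whatever the call returned. The `err` from `ssh.NewPublicKey(pub)` is also not checked within the visible lines. I would fetch the key once with `accountKey := keyring.GetAccountKey()` and check each result, e.g. `encryptedName, err := crypto.EncryptWith([]byte(name), crypto.AesCbc256_HmacSha256_B64, accountKey)` followed by an error return. NewSSHKeyCipher starts and ends outside the hunk and its return list is truncated here, so the exact return values need to be taken from the full file.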