From b676de9dac03c801da61e95aa38f9dcf6849de33 Mon Sep 17 00:00:00 2001 From: Andrea Maria Piana Date: Mon, 10 Dec 2018 14:11:19 +0100 Subject: [PATCH] Hash password before using it (#1306) --- VERSION | 2 +- services/shhext/chat/sql_lite_persistence.go | 9 ++++----- services/shhext/service.go | 20 ++++++++++++++++---- services/shhext/service_test.go | 19 +++++++++++++++---- 4 files changed, 36 insertions(+), 14 deletions(-) diff --git a/VERSION b/VERSION index 539c147a4..899b0f3e4 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.18.1-beta +0.18.2-beta diff --git a/services/shhext/chat/sql_lite_persistence.go b/services/shhext/chat/sql_lite_persistence.go index 5f4c39690..60aefbefc 100644 --- a/services/shhext/chat/sql_lite_persistence.go +++ b/services/shhext/chat/sql_lite_persistence.go @@ -53,7 +53,7 @@ func NewSQLLitePersistence(path string, key string) (*SQLLitePersistence, error) return s, nil } -func MigrateDBFile(oldPath string, newPath string, key string) error { +func MigrateDBFile(oldPath string, newPath string, oldKey string, newKey string) error { _, err := os.Stat(oldPath) // No files, nothing to do @@ -70,13 +70,12 @@ func MigrateDBFile(oldPath string, newPath string, key string) error { return err } - // Migrate dev/nightly builds which used ON as a key for debugging - db, err := openDB(newPath, "ON") + db, err := openDB(newPath, oldKey) if err != nil { return err } - keyString := fmt.Sprintf("PRAGMA rekey=%s", key) + keyString := fmt.Sprintf("PRAGMA rekey = '%s'", newKey) if _, err = db.Exec(keyString); err != nil { return err @@ -92,7 +91,7 @@ func openDB(path string, key string) (*sql.DB, error) { return nil, err } - keyString := fmt.Sprintf("PRAGMA key=%s", key) + keyString := fmt.Sprintf("PRAGMA key = '%s'", key) // Disable concurrent access as not supported by the driver db.SetMaxOpenConns(1) diff --git a/services/shhext/service.go b/services/shhext/service.go index 76421bc68..6bb9ee8f9 100644 --- a/services/shhext/service.go +++ b/services/shhext/service.go @@ -8,6 +8,7 @@ import ( "path/filepath" "github.com/ethereum/go-ethereum/common" + "github.com/ethereum/go-ethereum/crypto/sha3" "github.com/ethereum/go-ethereum/node" "github.com/ethereum/go-ethereum/p2p" "github.com/ethereum/go-ethereum/p2p/enode" @@ -108,17 +109,28 @@ func (s *Service) InitProtocol(address string, password string) error { return nil } + digest := sha3.Sum256([]byte(password)) + hashedPassword := fmt.Sprintf("%x", digest) + if err := os.MkdirAll(filepath.Clean(s.dataDir), os.ModePerm); err != nil { return err } - oldPath := filepath.Join(s.dataDir, fmt.Sprintf("%x.db", address)) - newPath := filepath.Join(s.dataDir, fmt.Sprintf("%s.db", s.installationID)) + v0Path := filepath.Join(s.dataDir, fmt.Sprintf("%x.db", address)) + v1Path := filepath.Join(s.dataDir, fmt.Sprintf("%s.db", s.installationID)) + v2Path := filepath.Join(s.dataDir, fmt.Sprintf("%s.v2.db", s.installationID)) - if err := chat.MigrateDBFile(oldPath, newPath, password); err != nil { + if err := chat.MigrateDBFile(v0Path, v1Path, "ON", password); err != nil { return err } - persistence, err := chat.NewSQLLitePersistence(newPath, password) + if err := chat.MigrateDBFile(v1Path, v2Path, password, hashedPassword); err != nil { + // Remove db file as created with a blank password and never used, + // and there's no need to rekey in this case + os.Remove(v1Path) + os.Remove(v2Path) + } + + persistence, err := chat.NewSQLLitePersistence(v2Path, hashedPassword) if err != nil { return err } diff --git a/services/shhext/service_test.go b/services/shhext/service_test.go index 969d96e7f..0b39dd882 100644 --- a/services/shhext/service_test.go +++ b/services/shhext/service_test.go @@ -4,6 +4,7 @@ import ( "context" "errors" "fmt" + "io/ioutil" "math" "os" "testing" @@ -72,6 +73,10 @@ func (s *ShhExtSuite) SetupTest() { s.nodes = make([]*node.Node, 2) s.services = make([]*Service, 2) s.whisper = make([]*whisper.Whisper, 2) + + directory, err := ioutil.TempDir("", "status-go-testing") + s.Require().NoError(err) + for i := range s.nodes { i := i // bind i to be usable in service constructors cfg := &node.Config{ @@ -88,11 +93,12 @@ func (s *ShhExtSuite) SetupTest() { s.NoError(stack.Register(func(n *node.ServiceContext) (node.Service, error) { return s.whisper[i], nil })) + config := &ServiceConfig{ InstallationID: "1", - DataDir: os.TempDir(), + DataDir: directory, Debug: true, - PFSEnabled: false, + PFSEnabled: true, MailServerConfirmations: true, ConnectionTarget: 10, } @@ -106,6 +112,11 @@ func (s *ShhExtSuite) SetupTest() { s.services[0].tracker.handler = newHandlerMock(1) } +func (s *ShhExtSuite) TestInitProtocol() { + err := s.services[0].InitProtocol("example-address", "`090///\nhtaa\rhta9x8923)$$'23") + s.NoError(err) +} + func (s *ShhExtSuite) TestPostMessageWithConfirmation() { mock := newHandlerMock(1) s.services[0].tracker.handler = mock @@ -184,7 +195,7 @@ func (s *ShhExtSuite) TestRequestMessagesErrors() { InstallationID: "1", DataDir: os.TempDir(), Debug: false, - PFSEnabled: false, + PFSEnabled: true, } service := New(shh, mock, nil, config) api := NewPublicAPI(service) @@ -250,7 +261,7 @@ func (s *ShhExtSuite) TestRequestMessagesSuccess() { InstallationID: "1", DataDir: os.TempDir(), Debug: false, - PFSEnabled: false, + PFSEnabled: true, } service := New(shh, mock, nil, config) s.Require().NoError(service.Start(aNode.Server()))