Hash password before using it (#1306)

This commit is contained in:
Andrea Maria Piana 2018-12-10 14:11:19 +01:00 committed by GitHub
parent db691fd763
commit b676de9dac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 36 additions and 14 deletions

View File

@ -1 +1 @@
0.18.1-beta 0.18.2-beta

View File

@ -53,7 +53,7 @@ func NewSQLLitePersistence(path string, key string) (*SQLLitePersistence, error)
return s, nil return s, nil
} }
func MigrateDBFile(oldPath string, newPath string, key string) error { func MigrateDBFile(oldPath string, newPath string, oldKey string, newKey string) error {
_, err := os.Stat(oldPath) _, err := os.Stat(oldPath)
// No files, nothing to do // No files, nothing to do
@ -70,13 +70,12 @@ func MigrateDBFile(oldPath string, newPath string, key string) error {
return err return err
} }
// Migrate dev/nightly builds which used ON as a key for debugging db, err := openDB(newPath, oldKey)
db, err := openDB(newPath, "ON")
if err != nil { if err != nil {
return err return err
} }
keyString := fmt.Sprintf("PRAGMA rekey=%s", key) keyString := fmt.Sprintf("PRAGMA rekey = '%s'", newKey)
if _, err = db.Exec(keyString); err != nil { if _, err = db.Exec(keyString); err != nil {
return err return err
@ -92,7 +91,7 @@ func openDB(path string, key string) (*sql.DB, error) {
return nil, err return nil, err
} }
keyString := fmt.Sprintf("PRAGMA key=%s", key) keyString := fmt.Sprintf("PRAGMA key = '%s'", key)
// Disable concurrent access as not supported by the driver // Disable concurrent access as not supported by the driver
db.SetMaxOpenConns(1) db.SetMaxOpenConns(1)

View File

@ -8,6 +8,7 @@ import (
"path/filepath" "path/filepath"
"github.com/ethereum/go-ethereum/common" "github.com/ethereum/go-ethereum/common"
"github.com/ethereum/go-ethereum/crypto/sha3"
"github.com/ethereum/go-ethereum/node" "github.com/ethereum/go-ethereum/node"
"github.com/ethereum/go-ethereum/p2p" "github.com/ethereum/go-ethereum/p2p"
"github.com/ethereum/go-ethereum/p2p/enode" "github.com/ethereum/go-ethereum/p2p/enode"
@ -108,17 +109,28 @@ func (s *Service) InitProtocol(address string, password string) error {
return nil return nil
} }
digest := sha3.Sum256([]byte(password))
hashedPassword := fmt.Sprintf("%x", digest)
if err := os.MkdirAll(filepath.Clean(s.dataDir), os.ModePerm); err != nil { if err := os.MkdirAll(filepath.Clean(s.dataDir), os.ModePerm); err != nil {
return err return err
} }
oldPath := filepath.Join(s.dataDir, fmt.Sprintf("%x.db", address)) v0Path := filepath.Join(s.dataDir, fmt.Sprintf("%x.db", address))
newPath := filepath.Join(s.dataDir, fmt.Sprintf("%s.db", s.installationID)) v1Path := filepath.Join(s.dataDir, fmt.Sprintf("%s.db", s.installationID))
v2Path := filepath.Join(s.dataDir, fmt.Sprintf("%s.v2.db", s.installationID))
if err := chat.MigrateDBFile(oldPath, newPath, password); err != nil { if err := chat.MigrateDBFile(v0Path, v1Path, "ON", password); err != nil {
return err return err
} }
persistence, err := chat.NewSQLLitePersistence(newPath, password) if err := chat.MigrateDBFile(v1Path, v2Path, password, hashedPassword); err != nil {
// Remove db file as created with a blank password and never used,
// and there's no need to rekey in this case
os.Remove(v1Path)
os.Remove(v2Path)
}
persistence, err := chat.NewSQLLitePersistence(v2Path, hashedPassword)
if err != nil { if err != nil {
return err return err
} }

View File

@ -4,6 +4,7 @@ import (
"context" "context"
"errors" "errors"
"fmt" "fmt"
"io/ioutil"
"math" "math"
"os" "os"
"testing" "testing"
@ -72,6 +73,10 @@ func (s *ShhExtSuite) SetupTest() {
s.nodes = make([]*node.Node, 2) s.nodes = make([]*node.Node, 2)
s.services = make([]*Service, 2) s.services = make([]*Service, 2)
s.whisper = make([]*whisper.Whisper, 2) s.whisper = make([]*whisper.Whisper, 2)
directory, err := ioutil.TempDir("", "status-go-testing")
s.Require().NoError(err)
for i := range s.nodes { for i := range s.nodes {
i := i // bind i to be usable in service constructors i := i // bind i to be usable in service constructors
cfg := &node.Config{ cfg := &node.Config{
@ -88,11 +93,12 @@ func (s *ShhExtSuite) SetupTest() {
s.NoError(stack.Register(func(n *node.ServiceContext) (node.Service, error) { s.NoError(stack.Register(func(n *node.ServiceContext) (node.Service, error) {
return s.whisper[i], nil return s.whisper[i], nil
})) }))
config := &ServiceConfig{ config := &ServiceConfig{
InstallationID: "1", InstallationID: "1",
DataDir: os.TempDir(), DataDir: directory,
Debug: true, Debug: true,
PFSEnabled: false, PFSEnabled: true,
MailServerConfirmations: true, MailServerConfirmations: true,
ConnectionTarget: 10, ConnectionTarget: 10,
} }
@ -106,6 +112,11 @@ func (s *ShhExtSuite) SetupTest() {
s.services[0].tracker.handler = newHandlerMock(1) s.services[0].tracker.handler = newHandlerMock(1)
} }
func (s *ShhExtSuite) TestInitProtocol() {
err := s.services[0].InitProtocol("example-address", "`090///\nhtaa\rhta9x8923)$$'23")
s.NoError(err)
}
func (s *ShhExtSuite) TestPostMessageWithConfirmation() { func (s *ShhExtSuite) TestPostMessageWithConfirmation() {
mock := newHandlerMock(1) mock := newHandlerMock(1)
s.services[0].tracker.handler = mock s.services[0].tracker.handler = mock
@ -184,7 +195,7 @@ func (s *ShhExtSuite) TestRequestMessagesErrors() {
InstallationID: "1", InstallationID: "1",
DataDir: os.TempDir(), DataDir: os.TempDir(),
Debug: false, Debug: false,
PFSEnabled: false, PFSEnabled: true,
} }
service := New(shh, mock, nil, config) service := New(shh, mock, nil, config)
api := NewPublicAPI(service) api := NewPublicAPI(service)
@ -250,7 +261,7 @@ func (s *ShhExtSuite) TestRequestMessagesSuccess() {
InstallationID: "1", InstallationID: "1",
DataDir: os.TempDir(), DataDir: os.TempDir(),
Debug: false, Debug: false,
PFSEnabled: false, PFSEnabled: true,
} }
service := New(shh, mock, nil, config) service := New(shh, mock, nil, config)
s.Require().NoError(service.Start(aNode.Server())) s.Require().NoError(service.Start(aNode.Server()))