selfpass/sp/repositories/config.go

package repositories

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
	"io/ioutil"
	"os"

	"github.com/mitchellh/go-homedir"
	"github.com/spf13/viper"
	"gopkg.in/AlecAivazis/survey.v1"

	"github.com/mitchell/selfpass/sp/crypto"
	"github.com/mitchell/selfpass/sp/types"
)

var ErrNoConfigFound = errors.New("no config found, run 'init' command")

func NewConfigManager(cfgFile *string) *ConfigManager {
	return &ConfigManager{
		cfgFile: cfgFile,
	}
}

type ConfigManager struct {
	masterpass string
	cfgFile    *string
	v          *viper.Viper
}

func (mgr *ConfigManager) SetMasterpass(masterpass string) {
	mgr.masterpass = masterpass
}

func (mgr *ConfigManager) OpenConfig() (output string, v *viper.Viper, err error) {
	if mgr.masterpass != "" {
		return mgr.masterpass, mgr.v, nil
	}
	cfg := *mgr.cfgFile

	mgr.v = viper.New()
	mgr.v.SetConfigType("toml")

	if cfg == "" {
		home, err := homedir.Dir()
		if err != nil {
			return output, nil, err
		}

		cfg = home + "/.sp.toml"
	}

	mgr.v.SetConfigFile(cfg)
	mgr.cfgFile = &cfg

	var contents []byte
	var configDecrypted bool

	if _, err := os.Open(cfg); os.IsNotExist(err) {
		return output, mgr.v, ErrNoConfigFound
	}

	prompt := &survey.Password{Message: "Master password:"}
	if err = survey.AskOne(prompt, &mgr.masterpass, nil); err != nil {
		return output, nil, err
	}

	contents, err = decryptConfig(mgr.masterpass, cfg)
	if err == errConfigDecrypted {
		configDecrypted = true
	} else if err != nil && err.Error() == crypto.ErrAuthenticationFailed.Error() {
		return output, nil, errors.New("incorrect masterpass")
	} else if err != nil {
		return output, nil, err
	}

	if err = mgr.v.ReadConfig(bytes.NewBuffer(contents)); err != nil {
		return output, nil, err
	}

	if configDecrypted {
		fmt.Println("Config wasn't encrypted, or has been compromised.")

		if err = mgr.WriteConfig(); err != nil {
			return output, nil, err
		}
	}

	return mgr.masterpass, mgr.v, nil
}

var errConfigDecrypted = errors.New("config is decrypted")

func decryptConfig(masterpass string, cfgFile string) (contents []byte, err error) {
	contents, err = ioutil.ReadFile(cfgFile)
	if err != nil {
		return contents, err
	}

	if string(contents[:len(types.KeyPrivateKey)]) == types.KeyPrivateKey {
		return contents, errConfigDecrypted
	}

	salt := contents[:saltSize]
	contents = contents[saltSize:]

	passkey := crypto.GeneratePBKDF2Key([]byte(masterpass), salt)

	plaintext, err := crypto.GCMDecrypt(passkey, contents)
	if err != nil {
		return contents, err
	}

	return plaintext, nil
}

func (mgr ConfigManager) DecryptConfig() error {
	if err := mgr.v.WriteConfig(); err != nil {
		return err
	}

	return nil
}

func (mgr ConfigManager) WriteConfig() (err error) {
	if err := mgr.v.WriteConfigAs(*mgr.cfgFile); err != nil {
		return err
	}

	contents, err := ioutil.ReadFile(mgr.v.ConfigFileUsed())
	if err != nil {
		return err
	}

	salt := make([]byte, saltSize)
	_, err = rand.Read(salt)
	if err != nil {
		return err
	}

	keypass := crypto.GeneratePBKDF2Key([]byte(mgr.masterpass), salt)

	contents, err = crypto.GCMEncrypt(keypass, contents)
	if err != nil {
		return err
	}

	contents = append(salt, contents...)

	err = ioutil.WriteFile(mgr.v.ConfigFileUsed(), contents, 0600)
	if err != nil {
		return err
	}

	return nil
}

const saltSize = 16
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00			`package repositories`

			`import (`
Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`"bytes"`
Change all key generation to use PBKDF2; change all internal encryption back to cbc mode; add hidden command to convert from gcm to cbc internally 2019-07-09 00:45:01 +00:00			`"crypto/rand"`
			`"errors"`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00			`"fmt"`
			`"io/ioutil"`
			`"os"`

			`"github.com/mitchellh/go-homedir"`
			`"github.com/spf13/viper"`
			`"gopkg.in/AlecAivazis/survey.v1"`

Separate cli into its own module; rename it to sp 2019-07-11 06:05:59 +00:00			`"github.com/mitchell/selfpass/sp/crypto"`
			`"github.com/mitchell/selfpass/sp/types"`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00			`)`

Modify cmds that list metadata to not sort; refactor to credentials flags; fix issue with init command 2019-08-01 03:17:38 +00:00			`var ErrNoConfigFound = errors.New("no config found, run 'init' command")`

Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00			`func NewConfigManager(cfgFile string) ConfigManager {`
			`return &ConfigManager{`
			`cfgFile: cfgFile,`
			`}`
			`}`

			`type ConfigManager struct {`
			`masterpass string`
			`cfgFile *string`
			`v *viper.Viper`
			`}`

			`func (mgr *ConfigManager) SetMasterpass(masterpass string) {`
			`mgr.masterpass = masterpass`
			`}`

			`func (mgr ConfigManager) OpenConfig() (output string, v viper.Viper, err error) {`
			`if mgr.masterpass != "" {`
			`return mgr.masterpass, mgr.v, nil`
			`}`
			`cfg := *mgr.cfgFile`

Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`mgr.v = viper.New()`
			`mgr.v.SetConfigType("toml")`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00
Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`if cfg == "" {`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00			`home, err := homedir.Dir()`
			`if err != nil {`
			`return output, nil, err`
			`}`

Separate cli into its own module; rename it to sp 2019-07-11 06:05:59 +00:00			`cfg = home + "/.sp.toml"`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00			`}`

Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`mgr.v.SetConfigFile(cfg)`
			`mgr.cfgFile = &cfg`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00
Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`var contents []byte`
Change all key generation to use PBKDF2; change all internal encryption back to cbc mode; add hidden command to convert from gcm to cbc internally 2019-07-09 00:45:01 +00:00			`var configDecrypted bool`
Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00
			`if _, err := os.Open(cfg); os.IsNotExist(err) {`
Modify cmds that list metadata to not sort; refactor to credentials flags; fix issue with init command 2019-08-01 03:17:38 +00:00			`return output, mgr.v, ErrNoConfigFound`
Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`}`

			`prompt := &survey.Password{Message: "Master password:"}`
			`if err = survey.AskOne(prompt, &mgr.masterpass, nil); err != nil {`
			`return output, nil, err`
			`}`

Swapped AES-CBC for GCM for all symmetric encryption; bolstered TLS configs 2019-06-07 09:03:15 +00:00			`contents, err = decryptConfig(mgr.masterpass, cfg)`
Modify sp and services to use the protobuf module 2019-07-12 01:02:46 +00:00			`if err == errConfigDecrypted {`
Change all key generation to use PBKDF2; change all internal encryption back to cbc mode; add hidden command to convert from gcm to cbc internally 2019-07-09 00:45:01 +00:00			`configDecrypted = true`
Modify sp and services to use the protobuf module 2019-07-12 01:02:46 +00:00			`} else if err != nil && err.Error() == crypto.ErrAuthenticationFailed.Error() {`
			`return output, nil, errors.New("incorrect masterpass")`
Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`} else if err != nil {`
			`return output, nil, err`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00			`}`

Modify sp and services to use the protobuf module 2019-07-12 01:02:46 +00:00			`if err = mgr.v.ReadConfig(bytes.NewBuffer(contents)); err != nil {`
Swapped AES-CBC for GCM for all symmetric encryption; bolstered TLS configs 2019-06-07 09:03:15 +00:00			`return output, nil, err`
Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`}`

Change all key generation to use PBKDF2; change all internal encryption back to cbc mode; add hidden command to convert from gcm to cbc internally 2019-07-09 00:45:01 +00:00			`if configDecrypted {`
Swapped AES-CBC for GCM for all symmetric encryption; bolstered TLS configs 2019-06-07 09:03:15 +00:00			`fmt.Println("Config wasn't encrypted, or has been compromised.")`

Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`if err = mgr.WriteConfig(); err != nil {`
			`return output, nil, err`
			`}`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00			`}`

			`return mgr.masterpass, mgr.v, nil`
			`}`

Change all key generation to use PBKDF2; change all internal encryption back to cbc mode; add hidden command to convert from gcm to cbc internally 2019-07-09 00:45:01 +00:00			`var errConfigDecrypted = errors.New("config is decrypted")`

Swapped AES-CBC for GCM for all symmetric encryption; bolstered TLS configs 2019-06-07 09:03:15 +00:00			`func decryptConfig(masterpass string, cfgFile string) (contents []byte, err error) {`
Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`contents, err = ioutil.ReadFile(cfgFile)`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00			`if err != nil {`
Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`return contents, err`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00			`}`

Change all key generation to use PBKDF2; change all internal encryption back to cbc mode; add hidden command to convert from gcm to cbc internally 2019-07-09 00:45:01 +00:00			`if string(contents[:len(types.KeyPrivateKey)]) == types.KeyPrivateKey {`
			`return contents, errConfigDecrypted`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00			`}`

Change all key generation to use PBKDF2; change all internal encryption back to cbc mode; add hidden command to convert from gcm to cbc internally 2019-07-09 00:45:01 +00:00			`salt := contents[:saltSize]`
			`contents = contents[saltSize:]`

			`passkey := crypto.GeneratePBKDF2Key([]byte(masterpass), salt)`

Swapped AES-CBC for GCM for all symmetric encryption; bolstered TLS configs 2019-06-07 09:03:15 +00:00			`plaintext, err := crypto.GCMDecrypt(passkey, contents)`
			`if err != nil {`
Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`return contents, err`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00			`}`

Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`return plaintext, nil`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00			`}`

Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`func (mgr ConfigManager) DecryptConfig() error {`
			`if err := mgr.v.WriteConfig(); err != nil {`
			`return err`
			`}`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00
Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`return nil`
			`}`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00
Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`func (mgr ConfigManager) WriteConfig() (err error) {`
			`if err := mgr.v.WriteConfigAs(*mgr.cfgFile); err != nil {`
			`return err`
			`}`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00
Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`contents, err := ioutil.ReadFile(mgr.v.ConfigFileUsed())`
			`if err != nil {`
			`return err`
			`}`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00
Change all key generation to use PBKDF2; change all internal encryption back to cbc mode; add hidden command to convert from gcm to cbc internally 2019-07-09 00:45:01 +00:00			`salt := make([]byte, saltSize)`
			`_, err = rand.Read(salt)`
Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`if err != nil {`
			`return err`
			`}`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00
Change all key generation to use PBKDF2; change all internal encryption back to cbc mode; add hidden command to convert from gcm to cbc internally 2019-07-09 00:45:01 +00:00			`keypass := crypto.GeneratePBKDF2Key([]byte(mgr.masterpass), salt)`

Swapped AES-CBC for GCM for all symmetric encryption; bolstered TLS configs 2019-06-07 09:03:15 +00:00			`contents, err = crypto.GCMEncrypt(keypass, contents)`
Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`if err != nil {`
			`return err`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00			`}`

Change all key generation to use PBKDF2; change all internal encryption back to cbc mode; add hidden command to convert from gcm to cbc internally 2019-07-09 00:45:01 +00:00			`contents = append(salt, contents...)`

Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00			`err = ioutil.WriteFile(mgr.v.ConfigFileUsed(), contents, 0600)`
			`if err != nil {`
			`return err`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00			`}`
Major refactor of config encryption strategy 2019-06-05 06:40:06 +00:00
			`return nil`
Refactored config management strategy for spc 2019-06-02 08:47:19 +00:00			`}`
Change all key generation to use PBKDF2; change all internal encryption back to cbc mode; add hidden command to convert from gcm to cbc internally 2019-07-09 00:45:01 +00:00
			`const saltSize = 16`