This repository has been archived by the owner on Jul 31, 2018. It is now read-only.

Don't keep masterKey in memory
nono committed Feb 24, 2016
1 parent ce2b9b1 commit c528356
Showing 3 changed files with 13 additions and 39 deletions.
32 changes: 10 additions & 22 deletions server/lib/encryption.coffee
Expand Up @@ -11,7 +11,6 @@ user = new User()

cryptoTools = new CryptoTools()

masterKey = null
slaveKey = null
day = 24 * 60 * 60 * 1000

Expand Down Expand Up @@ -48,7 +47,7 @@ getBody = (domain) ->

resetTimeout = -> timeout = null
sendMailNow = ->
if (masterKey? and slaveKey?)
if slaveKey?
return resetTimeout()

user.getUser (err, user) ->
Expand Down Expand Up @@ -79,12 +78,10 @@ sendMail = ->


## function updateKeys (oldKey,password, encryptedslaveKey, callback)
## @oldKey {string} Old master key
## @password {string} user's password
## @encryptedslaveKey {string} encrypted slave key
## @callback {function} Continuation to pass control back to when complete.
## Update keys, return in data new encrypted slave key and new salt
updateKeys = (oldKey, password, encryptedslaveKey, callback) ->
updateKeys = (password, callback) ->
salt = cryptoTools.genSalt(32 - password.length)
masterKey = cryptoTools.genHashWithSalt password, salt
encryptedSlaveKey = cryptoTools.encrypt masterKey, slaveKey
Expand All @@ -98,28 +95,25 @@ updateKeys = (oldKey, password, encryptedslaveKey, callback) ->
## Return encrypted password
exports.encrypt = (password) ->
if password? and process.env.NODE_ENV isnt "development"
if masterKey? and slaveKey?
if slaveKey?
newPwd = cryptoTools.encrypt slaveKey, password
return newPwd
else
sendMail()
err = new Error "master key and slave key don't exist"
err = new Error "slave key doesn't exist"
logger.error err.message
throw err
else
return password


exports.get = -> return masterKey


## function decrypt (password, callback)
## @password {string} document password
## @callback {function} Continuation to pass control back to when complete.
## Return decrypted password if password was encrypted
exports.decrypt = (password) ->
if password? and process.env.NODE_ENV isnt "development"
if masterKey? and slaveKey?
if slaveKey?
newPwd = password
try
newPwd = cryptoTools.decrypt slaveKey, password
Expand Down Expand Up @@ -178,18 +172,12 @@ exports.logIn = (password, user, callback) ->
## @callback {function} Continuation to pass control back to when complete.
## Update keys when user changes his password
exports.update = (password, user, callback) ->
unless masterKey? and slaveKey?
err = errors.http 400, "masterKey and slaveKey don't exist"
logger.error "[update] : #{err}"
return callback err

if masterKey.length isnt 32
err = errors.http 400, """
password to initialize keys is different than user password"""
unless slaveKey?
err = errors.http 400, "slaveKey doesn't exist"
logger.error "[update] : #{err}"
return callback err

updateKeys masterKey, password, slaveKey, (data) ->
updateKeys password, (data) ->
db.merge user._id, data, (err, res) ->
if err
logger.error "[update] : #{err}"
Expand All @@ -211,6 +199,6 @@ exports.reset = (user, callback) ->
callback()

## function isLog ()
## Return if keys exist so if user is connected
## Return true if slaveKey exists, which indicates if user is connected
exports.isLog = ->
return slaveKey? and masterKey?
return slaveKey?
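Review bot: In `updateKeys`, `masterKey = cryptoTools.genHashWithSalt password, salt` is function-local only because the module-level `masterKey = null` appears to have been dropped in the first hunk; CoffeeScript binds an assignment to any same-named variable in an enclosing scope, so re-declaring `masterKey` at the top of the file later would silently keep the key in module memory again. A comment above that line such as `# masterKey is deliberately local to this function; never declare it at module scope` would record the intent. The change narrows exposure rather than removing key material from the process: the derived key (presumably a string, which cannot be zeroed) lives until garbage collection, and `slaveKey`, the key `encrypt` and `decrypt` actually use, is still held at module scope. The header comment above `updateKeys` still seems to read `updateKeys (oldKey,password, encryptedslaveKey, callback)` and should become `updateKeys (password, callback)`; the function body continues outside the hunk.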
16 changes: 2 additions & 14 deletions tests/account_tests.coffee
Expand Up @@ -5,8 +5,6 @@ prefix = helpers.prefix
Crypto = require "#{prefix}server/lib/crypto_tools"
User = require "#{prefix}server/lib/user"
randomString = require("#{prefix}server/lib/random").randomString
encryption = require "#{prefix}server/lib/encryption"
getMasterKey = encryption.get
db = require("#{prefix}server/helpers/db_connect_helper").db_connect()
client = helpers.getClient()
crypto = new Crypto()
Expand Down Expand Up @@ -88,17 +86,12 @@ describe "Account handling tests", ->
should.not.equal @salt, undefined
@salt.length.should.equal 24

it "And master key should be initialized", ->
@masterKey = crypto.genHashWithSalt @cozyPwd, @salt
key = getMasterKey()
should.not.equal key, null
key.should.equal @masterKey

it "And object 'User' should have a slave key", ->
@body.should.have.property 'slaveKey'
@encryptedSlaveKey = @body.slaveKey

it "And the length of the slave key should be equal to 32", ->
@masterKey = crypto.genHashWithSalt @cozyPwd, @salt
@slaveKey = crypto.decrypt @masterKey, @encryptedSlaveKey
@slaveKey.length.should.be.equal 32

Expand All @@ -125,17 +118,12 @@ describe "Account handling tests", ->
should.not.equal @salt, undefined
@salt.length.should.equal 24

it "And master key should be initialized", ->
@masterKey = crypto.genHashWithSalt @cozyPwd, @salt
key = getMasterKey()
should.not.equal key, null
key.should.equal @masterKey

it "And object 'User' should have a slave key", ->
@body.should.have.property 'slaveKey'
@encryptedSlaveKey = @body.slaveKey

it "And the length of the slave key should be equal to 32", ->
@masterKey = crypto.genHashWithSalt @cozyPwd, @salt
@slaveKey = crypto.decrypt @masterKey, @encryptedSlaveKey
@slaveKey.length.should.be.equal 32

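Review bot: With both "And master key should be initialized" cases removed, nothing in this file asserts the property the commit is after, namely that the encryption module no longer exposes the master key. A negative case in each of the two describe blocks, for example `should.not.exist require("#{prefix}server/lib/encryption").get`, would keep `exports.get` from being reintroduced unnoticed. The surrounding describe blocks start and end outside the visible hunks.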
4 changes: 1 addition & 3 deletions tests/encryption_tests.coffee
Expand Up @@ -3,8 +3,6 @@ helpers = require './helpers'

Crypto = require "#{helpers.prefix}server/lib/crypto_tools"
User = require "#{helpers.prefix}server/lib/user"
randomString = require("#{helpers.prefix}server/lib/random").randomString
getMasterKey = require("#{helpers.prefix}server/lib/encryption").get

# connection to DB for "hand work"
db = require("#{helpers.prefix}server/helpers/db_connect_helper").db_connect()
Expand Down Expand Up @@ -157,4 +155,4 @@ describe "Encryption handling tests", ->
it "When I add a document with password", (done) ->
client.post '/request/user/all/', {}, (err, res, body) =>
body[0].value.password.should.equal "password"
done()
done()
