Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: add hidden types and seed words to key manager #4925

Merged
Merged
Show file tree
Hide file tree
Changes from 17 commits
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
5841cde
first commit
jorgeantonio21 Nov 11, 2022
cc21bd9
add seed words
jorgeantonio21 Nov 15, 2022
68bc795
first commit
jorgeantonio21 Nov 15, 2022
9b22bc6
merge development and resolve conflicts
jorgeantonio21 Nov 16, 2022
8b5dca7
address PR changes
jorgeantonio21 Nov 16, 2022
1f0c191
revert unnecessary changes
jorgeantonio21 Nov 16, 2022
b703522
add imports
jorgeantonio21 Nov 17, 2022
f39caac
add serde imports
jorgeantonio21 Nov 17, 2022
2b73026
merge development and resolve conflicts
jorgeantonio21 Nov 18, 2022
bf78cd6
update tari-utilities tag version
jorgeantonio21 Nov 18, 2022
7d7c25c
remove unused dependencies
jorgeantonio21 Nov 18, 2022
f0a16bc
update dependencies and merge development
jorgeantonio21 Nov 21, 2022
85f3b00
update to newer version of tari-crypto + resolve compiler errors
jorgeantonio21 Nov 21, 2022
8d65187
improve code chunks
jorgeantonio21 Nov 21, 2022
b2c6912
Merge branch 'development' into ja-add-zeroize-to-kdfs
jorgeantonio21 Nov 21, 2022
c98c1cd
merge development and compiled tests
jorgeantonio21 Nov 21, 2022
dd08109
catching bugs
jorgeantonio21 Nov 21, 2022
7ebbb1b
add comments
jorgeantonio21 Nov 21, 2022
654364d
add refactor
jorgeantonio21 Nov 21, 2022
75ee612
cargo fmt
jorgeantonio21 Nov 21, 2022
7924a23
refactor get_recovery_seed
jorgeantonio21 Nov 21, 2022
4568c71
Merge branch 'development' into ja-add-zeroize-to-kdfs
jorgeantonio21 Nov 21, 2022
a59985b
further refactor
jorgeantonio21 Nov 21, 2022
d284a4f
Merge branch 'development' into ja-add-zeroize-to-kdfs
jorgeantonio21 Nov 22, 2022
0808539
address PR comments
jorgeantonio21 Nov 22, 2022
c450789
address one more comment
jorgeantonio21 Nov 22, 2022
992b62f
reduce allocations, while preserving security
jorgeantonio21 Nov 22, 2022
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
132 changes: 70 additions & 62 deletions Cargo.lock

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions applications/tari_console_wallet/src/init/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -401,7 +401,7 @@ pub async fn init_wallet(
}
if let Some(file_name) = seed_words_file_name {
let seed_words = wallet.get_seed_words(&MnemonicLanguage::English)?.join(" ");
let _result = fs::write(file_name, seed_words).map_err(|e| {
let _result = fs::write(file_name, seed_words.reveal()).map_err(|e| {
ExitError::new(
ExitCode::WalletError,
&format!("Problem writing seed words to file: {}", e),
Expand Down Expand Up @@ -549,7 +549,7 @@ fn confirm_seed_words(wallet: &mut WalletSqlite) -> Result<(), ExitError> {
println!("WRITE THEM DOWN OR COPY THEM NOW. THIS IS YOUR ONLY CHANCE TO DO SO.");
println!();
println!("=========================");
println!("{}", seed_words.join(" "));
println!("{}", seed_words.join(" ").reveal());
println!("=========================");
println!("\x07"); // beep!

Expand Down
18 changes: 10 additions & 8 deletions applications/tari_console_wallet/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,8 @@ use tari_common::{
configuration::bootstrap::ApplicationType,
exit_codes::{ExitCode, ExitError},
};
use tari_key_manager::cipher_seed::CipherSeed;
use tari_crypto::tari_utilities::Hidden;
use tari_key_manager::{cipher_seed::CipherSeed, SeedWords};
#[cfg(all(unix, feature = "libtor"))]
use tari_libtor::tor::Tor;
use tari_shutdown::Shutdown;
Expand Down Expand Up @@ -213,13 +214,14 @@ fn get_password(config: &ApplicationConfig, cli: &Cli) -> Option<SafePassword> {
fn get_recovery_seed(boot_mode: WalletBoot, cli: &Cli) -> Result<Option<CipherSeed>, ExitError> {
if matches!(boot_mode, WalletBoot::Recovery) {
let seed = if cli.seed_words.is_some() {
let seed_words: Vec<String> = cli
.seed_words
.clone()
.unwrap()
.split_whitespace()
.map(|v| v.to_string())
.collect();
let seed_words: SeedWords = SeedWords::new(
cli.seed_words
jorgeantonio21 marked this conversation as resolved.
Show resolved Hide resolved
.clone()
.unwrap()
.split_whitespace()
.map(|v| Hidden::hide(v.to_string()))
.collect(),
);
get_seed_from_seed_words(seed_words)?
} else {
prompt_private_key_from_seed_words()?
Expand Down
8 changes: 5 additions & 3 deletions applications/tari_console_wallet/src/recovery.rs
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,8 @@ use futures::FutureExt;
use log::*;
use rustyline::Editor;
use tari_common::exit_codes::{ExitCode, ExitError};
use tari_key_manager::{cipher_seed::CipherSeed, mnemonic::Mnemonic};
use tari_crypto::tari_utilities::Hidden;
use tari_key_manager::{cipher_seed::CipherSeed, mnemonic::Mnemonic, SeedWords};
use tari_shutdown::Shutdown;
use tari_utilities::hex::Hex;
use tari_wallet::{
Expand All @@ -52,7 +53,8 @@ pub fn prompt_private_key_from_seed_words() -> Result<CipherSeed, ExitError> {
println!();
println!("Type or paste all of your seed words on one line, only separated by spaces.");
let input = rl.readline(">> ").map_err(|e| ExitError::new(ExitCode::IOError, e))?;
let seed_words: Vec<String> = input.split_whitespace().map(str::to_string).collect();
let seed_words: SeedWords =
jorgeantonio21 marked this conversation as resolved.
Show resolved Hide resolved
SeedWords::new(input.split_whitespace().map(|s| Hidden::hide(s.to_string())).collect());

match CipherSeed::from_mnemonic(&seed_words, None) {
Ok(seed) => break Ok(seed),
Expand All @@ -66,7 +68,7 @@ pub fn prompt_private_key_from_seed_words() -> Result<CipherSeed, ExitError> {
}

/// Return seed matching the seed words.
pub fn get_seed_from_seed_words(seed_words: Vec<String>) -> Result<CipherSeed, ExitError> {
pub fn get_seed_from_seed_words(seed_words: SeedWords) -> Result<CipherSeed, ExitError> {
debug!(target: LOG_TARGET, "Return seed derived from the provided seed words");
match CipherSeed::from_mnemonic(&seed_words, None) {
Ok(seed) => Ok(seed),
Expand Down
109 changes: 75 additions & 34 deletions base_layer/key_manager/src/cipher_seed.rs
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
// WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
// USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

use std::{convert::TryFrom, mem::size_of};
use std::{convert::TryFrom, mem::size_of, str::FromStr};

use argon2;
use chacha20::{
Expand All @@ -34,12 +34,16 @@ use rand::{rngs::OsRng, RngCore};
use serde::{Deserialize, Serialize};
use subtle::ConstantTimeEq;
use tari_crypto::hash::blake2::Blake256;
use tari_utilities::{hidden::Hidden, SafePassword};
jorgeantonio21 marked this conversation as resolved.
Show resolved Hide resolved
use zeroize::{Zeroize, Zeroizing};

use crate::{
error::KeyManagerError,
mac_domain_hasher,
mnemonic::{from_bytes, to_bytes, to_bytes_with_language, Mnemonic, MnemonicLanguage},
CipherSeedEncryptionKey,
CipherSeedMacKey,
SeedWords,
LABEL_ARGON_ENCODING,
LABEL_CHACHA20_ENCODING,
LABEL_MAC_GENERATION,
Expand Down Expand Up @@ -121,7 +125,7 @@ pub struct CipherSeed {
}

// This is a separate type to make the linter happy
type DerivedCipherSeedKeys = Result<(Zeroizing<Vec<u8>>, Zeroizing<Vec<u8>>), KeyManagerError>;
type DerivedCipherSeedKeys = Result<(CipherSeedEncryptionKey, CipherSeedMacKey), KeyManagerError>;

impl CipherSeed {
#[cfg(not(target_arch = "wasm32"))]
Expand Down Expand Up @@ -165,9 +169,12 @@ impl CipherSeed {
}

/// Generate an encrypted seed from a passphrase
pub fn encipher(&self, passphrase: Option<String>) -> Result<Vec<u8>, KeyManagerError> {
pub fn encipher(&self, passphrase: Option<SafePassword>) -> Result<Vec<u8>, KeyManagerError> {
// Derive encryption and MAC keys from passphrase and main salt
let passphrase = Zeroizing::new(passphrase.unwrap_or_else(|| DEFAULT_CIPHER_SEED_PASSPHRASE.to_string()));
let passphrase = passphrase.unwrap_or_else(|| {
SafePassword::from_str(DEFAULT_CIPHER_SEED_PASSPHRASE)
.expect("Failed to parse default cipher seed passphrase to SafePassword")
});
let (encryption_key, mac_key) = Self::derive_keys(&passphrase, self.salt.as_ref())?;

// Generate the MAC
Expand All @@ -176,7 +183,7 @@ impl CipherSeed {
self.entropy.as_ref(),
CIPHER_SEED_VERSION,
self.salt.as_ref(),
mac_key.as_ref(),
mac_key.reveal(),
jorgeantonio21 marked this conversation as resolved.
Show resolved Hide resolved
)?;

// Assemble the secret data to be encrypted: birthday, entropy, MAC
Expand All @@ -188,7 +195,7 @@ impl CipherSeed {
secret_data.extend(&mac);

// Encrypt the secret data
Self::apply_stream_cipher(&mut secret_data, encryption_key.as_ref(), self.salt.as_ref())?;
Self::apply_stream_cipher(&mut secret_data, encryption_key.reveal(), self.salt.as_ref())?;
jorgeantonio21 marked this conversation as resolved.
Show resolved Hide resolved

// Assemble the final seed: version, main salt, secret data, checksum
let mut encrypted_seed =
Expand All @@ -206,7 +213,10 @@ impl CipherSeed {
}

/// Recover a seed from encrypted data and a passphrase
pub fn from_enciphered_bytes(encrypted_seed: &[u8], passphrase: Option<String>) -> Result<Self, KeyManagerError> {
pub fn from_enciphered_bytes(
encrypted_seed: &[u8],
passphrase: Option<SafePassword>,
) -> Result<Self, KeyManagerError> {
// Check the length: version, birthday, entropy, MAC, salt, checksum
if encrypted_seed.len() !=
1 + CIPHER_SEED_BIRTHDAY_BYTES +
Expand Down Expand Up @@ -241,7 +251,10 @@ impl CipherSeed {
}

// Derive encryption and MAC keys from passphrase and main salt
let passphrase = Zeroizing::new(passphrase.unwrap_or_else(|| DEFAULT_CIPHER_SEED_PASSPHRASE.to_string()));
let passphrase = passphrase.unwrap_or_else(|| {
SafePassword::from_str(DEFAULT_CIPHER_SEED_PASSPHRASE)
.expect("Failed to parse default cipher seed passphrase to SafePassword")
});
let salt: Box<[u8; CIPHER_SEED_MAIN_SALT_BYTES]> = encrypted_seed
.split_off(1 + CIPHER_SEED_BIRTHDAY_BYTES + CIPHER_SEED_ENTROPY_BYTES + CIPHER_SEED_MAC_BYTES)
.into_boxed_slice()
Expand All @@ -251,7 +264,7 @@ impl CipherSeed {

// Decrypt the secret data: birthday, entropy, MAC
let mut secret_data = Zeroizing::new(encrypted_seed.split_off(1));
Self::apply_stream_cipher(&mut secret_data, encryption_key.as_ref(), salt.as_ref())?;
Self::apply_stream_cipher(&mut secret_data, encryption_key.reveal(), salt.as_ref())?;
jorgeantonio21 marked this conversation as resolved.
Show resolved Hide resolved

// Parse secret data
let mac = secret_data.split_off(CIPHER_SEED_BIRTHDAY_BYTES + CIPHER_SEED_ENTROPY_BYTES);
Expand All @@ -271,7 +284,7 @@ impl CipherSeed {
entropy.as_ref(),
version,
salt.as_ref(),
mac_key.as_ref(),
mac_key.reveal(),
jorgeantonio21 marked this conversation as resolved.
Show resolved Hide resolved
)?;

// Verify the MAC in constant time to avoid leaking data
Expand Down Expand Up @@ -343,7 +356,7 @@ impl CipherSeed {
}

/// Use Argon2 to derive encryption and MAC keys from a passphrase and main salt
fn derive_keys(passphrase: &str, salt: &[u8]) -> DerivedCipherSeedKeys {
fn derive_keys(passphrase: &SafePassword, salt: &[u8]) -> DerivedCipherSeedKeys {
// The Argon2 salt is derived from the main salt
let argon2_salt = mac_domain_hasher::<Blake256>(LABEL_ARGON_ENCODING)
.chain(salt)
Expand All @@ -362,15 +375,23 @@ impl CipherSeed {
.map_err(|_| KeyManagerError::CryptographicError("Problem generating Argon2 parameters".to_string()))?;

// Derive the main key from the password in place
let mut main_key = Zeroizing::new([0u8; CIPHER_SEED_ENCRYPTION_KEY_BYTES + CIPHER_SEED_MAC_KEY_BYTES]);
let mut main_key = Hidden::hide([0u8; CIPHER_SEED_ENCRYPTION_KEY_BYTES + CIPHER_SEED_MAC_KEY_BYTES]);
let hasher = argon2::Argon2::new(argon2::Algorithm::Argon2d, argon2::Version::V0x13, params);
hasher
.hash_password_into(passphrase.as_bytes(), argon2_salt, main_key.as_mut())
.hash_password_into(passphrase.reveal(), argon2_salt, main_key.reveal_mut())
.map_err(|_| KeyManagerError::CryptographicError("Problem generating Argon2 password hash".to_string()))?;

// Split off the keys
let encryption_key = Zeroizing::new(main_key.as_ref()[..CIPHER_SEED_ENCRYPTION_KEY_BYTES].to_vec());
let mac_key = Zeroizing::new(main_key.as_ref()[CIPHER_SEED_ENCRYPTION_KEY_BYTES..].to_vec());
let mut encryption_key = CipherSeedEncryptionKey::from([0u8; CIPHER_SEED_ENCRYPTION_KEY_BYTES]);
jorgeantonio21 marked this conversation as resolved.
Show resolved Hide resolved
encryption_key
.reveal_mut()
.copy_from_slice(&main_key.reveal()[..CIPHER_SEED_ENCRYPTION_KEY_BYTES]);

let mut mac_key = CipherSeedMacKey::from([0u8; CIPHER_SEED_MAC_KEY_BYTES]);
jorgeantonio21 marked this conversation as resolved.
Show resolved Hide resolved
mac_key
.reveal_mut()
.copy_from_slice(&main_key.reveal()[CIPHER_SEED_ENCRYPTION_KEY_BYTES..]);

Ok((encryption_key, mac_key))
}
}
Expand All @@ -384,16 +405,19 @@ impl Default for CipherSeed {
impl Mnemonic<CipherSeed> for CipherSeed {
/// Generates a CipherSeed that represent the provided mnemonic sequence of words, the language of the mnemonic
/// sequence is autodetected
fn from_mnemonic(mnemonic_seq: &[String], passphrase: Option<String>) -> Result<CipherSeed, KeyManagerError> {
fn from_mnemonic(
mnemonic_seq: &SeedWords,
passphrase: Option<SafePassword>,
) -> Result<CipherSeed, KeyManagerError> {
let bytes = to_bytes(mnemonic_seq)?;
CipherSeed::from_enciphered_bytes(&bytes, passphrase)
}

/// Generates a SecretKey that represent the provided mnemonic sequence of words using the specified language
fn from_mnemonic_with_language(
mnemonic_seq: &[String],
mnemonic_seq: &SeedWords,
language: MnemonicLanguage,
passphrase: Option<String>,
passphrase: Option<SafePassword>,
) -> Result<CipherSeed, KeyManagerError> {
let bytes = to_bytes_with_language(mnemonic_seq, &language)?;
CipherSeed::from_enciphered_bytes(&bytes, passphrase)
Expand All @@ -403,43 +427,53 @@ impl Mnemonic<CipherSeed> for CipherSeed {
fn to_mnemonic(
&self,
language: MnemonicLanguage,
passphrase: Option<String>,
) -> Result<Vec<String>, KeyManagerError> {
passphrase: Option<SafePassword>,
) -> Result<SeedWords, KeyManagerError> {
Ok(from_bytes(&self.encipher(passphrase)?, language)?)
}
}

#[cfg(test)]
mod test {
use std::str::FromStr;

use crc32fast::Hasher as CrcHasher;
use tari_utilities::{Hidden, SafePassword};

use super::BIRTHDAY_GENESIS_FROM_UNIX_EPOCH;
use crate::{
cipher_seed::{CipherSeed, CIPHER_SEED_VERSION},
error::KeyManagerError,
get_birthday_from_unix_epoch_in_seconds,
mnemonic::{Mnemonic, MnemonicLanguage},
SeedWords,
};

#[test]
fn test_cipher_seed_generation_and_deciphering() {
let seed = CipherSeed::new();

let mut enciphered_seed = seed.encipher(Some("Passphrase".to_string())).unwrap();
let mut enciphered_seed = seed
.encipher(Some(SafePassword::from_str("Passphrase").unwrap()))
.unwrap();

let deciphered_seed =
CipherSeed::from_enciphered_bytes(&enciphered_seed, Some("Passphrase".to_string())).unwrap();
CipherSeed::from_enciphered_bytes(&enciphered_seed, Some(SafePassword::from_str("Passphrase").unwrap()))
.unwrap();

assert_eq!(seed, deciphered_seed);

match CipherSeed::from_enciphered_bytes(&enciphered_seed, Some("WrongPassphrase".to_string())) {
match CipherSeed::from_enciphered_bytes(
&enciphered_seed,
Some(SafePassword::from_str("WrongPassphrase").unwrap()),
) {
Err(KeyManagerError::DecryptionFailed) => (),
_ => panic!("Version should not match"),
}

enciphered_seed[0] = CIPHER_SEED_VERSION + 1; // this is an unsupported version

match CipherSeed::from_enciphered_bytes(&enciphered_seed, Some("Passphrase".to_string())) {
match CipherSeed::from_enciphered_bytes(&enciphered_seed, Some(SafePassword::from_str("Passphrase").unwrap())) {
Err(KeyManagerError::VersionMismatch) => (),
_ => panic!("Version should not match"),
}
Expand All @@ -449,7 +483,7 @@ mod test {

// flip some bits
enciphered_seed[1] = !enciphered_seed[1];
match CipherSeed::from_enciphered_bytes(&enciphered_seed, Some("Passphrase".to_string())) {
match CipherSeed::from_enciphered_bytes(&enciphered_seed, Some(SafePassword::from_str("Passphrase").unwrap())) {
Err(KeyManagerError::CrcError) => (),
_ => panic!("Crc should not match"),
}
Expand All @@ -475,7 +509,7 @@ mod test {
enciphered_seed[(n - 4)..].copy_from_slice(&calculated_checksum);

// the MAC decryption should fail in this case
match CipherSeed::from_enciphered_bytes(&enciphered_seed, Some("passphrase".to_string())) {
match CipherSeed::from_enciphered_bytes(&enciphered_seed, Some(SafePassword::from_str("passphrase").unwrap())) {
Err(KeyManagerError::DecryptionFailed) => (),
_ => panic!("Decryption should fail"),
}
Expand All @@ -502,7 +536,7 @@ mod test {
enciphered_seed[(n - 4)..].copy_from_slice(&calculated_checksum);

// the MAC decryption should fail in this case
match CipherSeed::from_enciphered_bytes(&enciphered_seed, Some("passphrase".to_string())) {
match CipherSeed::from_enciphered_bytes(&enciphered_seed, Some(SafePassword::from_str("passphrase").unwrap())) {
Err(KeyManagerError::DecryptionFailed) => (),
_ => panic!("Decryption should fail"),
}
Expand All @@ -528,7 +562,7 @@ mod test {
enciphered_seed[(n - 4)..].copy_from_slice(&calculated_checksum);

// the MAC decryption should fail in this case
match CipherSeed::from_enciphered_bytes(&enciphered_seed, Some("passphrase".to_string())) {
match CipherSeed::from_enciphered_bytes(&enciphered_seed, Some(SafePassword::from_str("passphrase").unwrap())) {
Err(KeyManagerError::DecryptionFailed) => (),
_ => panic!("Decryption should fail"),
}
Expand Down Expand Up @@ -559,8 +593,9 @@ mod test {
"cover", "vote", "federal", "husband", "cave", "alone", "dynamic", "reopen", "visa", "young", "gas",
]
.iter()
.map(|x| x.to_string())
.collect::<Vec<String>>();
.map(|x| Hidden::hide(x.to_string()))
.collect::<Vec<Hidden<String>>>();
let mnemonic_seq = SeedWords::new(mnemonic_seq);
// Language not known
match CipherSeed::from_mnemonic(&mnemonic_seq, None) {
Ok(_k) => panic!(),
Expand All @@ -577,18 +612,24 @@ mod test {
fn cipher_seed_to_and_from_mnemonic_with_passphrase() {
let seed = CipherSeed::new();
let mnemonic_seq = seed
.to_mnemonic(MnemonicLanguage::Spanish, Some("Passphrase".to_string()))
.to_mnemonic(
MnemonicLanguage::Spanish,
Some(SafePassword::from_str("Passphrase").unwrap()),
)
.expect("Couldn't convert CipherSeed to Mnemonic");
match CipherSeed::from_mnemonic(&mnemonic_seq, Some("Passphrase".to_string())) {
match CipherSeed::from_mnemonic(&mnemonic_seq, Some(SafePassword::from_str("Passphrase").unwrap())) {
Ok(mnemonic_seed) => assert_eq!(seed, mnemonic_seed),
Err(e) => panic!("Couldn't create CipherSeed from Mnemonic: {}", e),
}

let mnemonic_seq = seed
.to_mnemonic(MnemonicLanguage::Spanish, Some("Passphrase".to_string()))
.to_mnemonic(
MnemonicLanguage::Spanish,
Some(SafePassword::from_str("Passphrase").unwrap()),
)
.expect("Couldn't convert CipherSeed to Mnemonic");
assert!(
CipherSeed::from_mnemonic(&mnemonic_seq, Some("WrongPassphrase".to_string())).is_err(),
CipherSeed::from_mnemonic(&mnemonic_seq, Some(SafePassword::from_str("WrongPassphrase").unwrap())).is_err(),
"Should not be able to derive seed with wrong passphrase"
);
}
Expand Down
Loading