Fix keyring locked detection
parent
ebe3dd44b5
commit
6311d6fbac
@ -89,14 +89,14 @@ func handleLogin(msg messages.IPCMessage, cfg *config.Config, vault *vault.Vault
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
cfg.SetUserSymmetricKey(vault.Keyring.AccountKey.Bytes())
|
cfg.SetUserSymmetricKey(vault.Keyring.GetAccountKey().Bytes())
|
||||||
cfg.SetMasterPasswordHash([]byte(masterpasswordHash))
|
cfg.SetMasterPasswordHash([]byte(masterpasswordHash))
|
||||||
cfg.SetMasterKey([]byte(masterKey.GetBytes()))
|
cfg.SetMasterKey([]byte(masterKey.GetBytes()))
|
||||||
var protectedUserSymetricKey crypto.SymmetricEncryptionKey
|
var protectedUserSymetricKey crypto.SymmetricEncryptionKey
|
||||||
if vault.Keyring.IsMemguard {
|
if vault.Keyring.IsMemguard {
|
||||||
protectedUserSymetricKey, err = crypto.MemguardSymmetricEncryptionKeyFromBytes(vault.Keyring.AccountKey.Bytes())
|
protectedUserSymetricKey, err = crypto.MemguardSymmetricEncryptionKeyFromBytes(vault.Keyring.GetAccountKey().Bytes())
|
||||||
} else {
|
} else {
|
||||||
protectedUserSymetricKey, err = crypto.MemorySymmetricEncryptionKeyFromBytes(vault.Keyring.AccountKey.Bytes())
|
protectedUserSymetricKey, err = crypto.MemorySymmetricEncryptionKeyFromBytes(vault.Keyring.GetAccountKey().Bytes())
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
var payload = messages.ActionResponse{
|
var payload = messages.ActionResponse{
|
||||||
|
@ -47,7 +47,7 @@ func InitKeyringFromMasterKey(keyring *Keyring, accountKey EncString, accountPri
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
keyring.AccountKey = accountSymmetricKey
|
keyring.UnlockWithAccountKey(accountSymmetricKey)
|
||||||
|
|
||||||
pkcs8PrivateKey, err := DecryptWith(accountPrivateKey, accountSymmetricKey)
|
pkcs8PrivateKey, err := DecryptWith(accountPrivateKey, accountSymmetricKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -64,7 +64,7 @@ func InitKeyringFromMasterKey(keyring *Keyring, accountKey EncString, accountPri
|
|||||||
}
|
}
|
||||||
|
|
||||||
func InitKeyringFromUserSymmetricKey(keyring *Keyring, accountSymmetricKey SymmetricEncryptionKey, accountPrivateKey EncString, orgKeys map[string]string) error {
|
func InitKeyringFromUserSymmetricKey(keyring *Keyring, accountSymmetricKey SymmetricEncryptionKey, accountPrivateKey EncString, orgKeys map[string]string) error {
|
||||||
keyring.AccountKey = accountSymmetricKey
|
keyring.UnlockWithAccountKey(accountSymmetricKey)
|
||||||
pkcs8PrivateKey, err := DecryptWith(accountPrivateKey, accountSymmetricKey)
|
pkcs8PrivateKey, err := DecryptWith(accountPrivateKey, accountSymmetricKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
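Review bot: In both InitKeyringFromMasterKey and InitKeyringFromUserSymmetricKey, `keyring.UnlockWithAccountKey(accountSymmetricKey)` runs before `DecryptWith(accountPrivateKey, accountSymmetricKey)` has succeeded, so the `return err` path that follows leaves `IsLocked()` reporting false on a keyring whose private key presumably was never loaded. Either move the unlock call after the last fallible step, or re-lock on failure with `if err != nil { keyring.Lock(); return err }`. Both function bodies continue outside the hunks shown, so later error returns may need the same treatment.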
@ -9,7 +9,8 @@ import (
|
|||||||
var keyringLog = logging.GetLogger("Goldwarden", "Keyring")
|
var keyringLog = logging.GetLogger("Goldwarden", "Keyring")
|
||||||
|
|
||||||
type Keyring struct {
|
type Keyring struct {
|
||||||
AccountKey SymmetricEncryptionKey
|
isLocked bool
|
||||||
|
accountKey SymmetricEncryptionKey
|
||||||
AsymmetricEncyryptionKey AsymmetricEncryptionKey
|
AsymmetricEncyryptionKey AsymmetricEncryptionKey
|
||||||
IsMemguard bool
|
IsMemguard bool
|
||||||
OrganizationKeys map[string]string
|
OrganizationKeys map[string]string
|
||||||
@ -18,28 +19,41 @@ type Keyring struct {
|
|||||||
func NewMemoryKeyring(accountKey *MemorySymmetricEncryptionKey) Keyring {
|
func NewMemoryKeyring(accountKey *MemorySymmetricEncryptionKey) Keyring {
|
||||||
keyringLog.Info("Creating new memory keyring")
|
keyringLog.Info("Creating new memory keyring")
|
||||||
return Keyring{
|
return Keyring{
|
||||||
AccountKey: accountKey,
|
isLocked: accountKey == nil,
|
||||||
|
accountKey: accountKey,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewMemguardKeyring(accountKey *MemguardSymmetricEncryptionKey) Keyring {
|
func NewMemguardKeyring(accountKey *MemguardSymmetricEncryptionKey) Keyring {
|
||||||
keyringLog.Info("Creating new memguard keyring")
|
keyringLog.Info("Creating new memguard keyring")
|
||||||
return Keyring{
|
return Keyring{
|
||||||
AccountKey: accountKey,
|
isLocked: accountKey == nil,
|
||||||
|
accountKey: accountKey,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (keyring Keyring) IsLocked() bool {
|
func (keyring Keyring) IsLocked() bool {
|
||||||
return keyring.AccountKey == nil
|
return keyring.isLocked
|
||||||
}
|
}
|
||||||
|
|
||||||
func (keyring *Keyring) Lock() {
|
func (keyring *Keyring) Lock() {
|
||||||
keyringLog.Info("Locking keyring")
|
keyringLog.Info("Locking keyring")
|
||||||
keyring.AccountKey = nil
|
keyring.isLocked = true
|
||||||
|
keyring.accountKey = nil
|
||||||
keyring.AsymmetricEncyryptionKey = MemoryAsymmetricEncryptionKey{}
|
keyring.AsymmetricEncyryptionKey = MemoryAsymmetricEncryptionKey{}
|
||||||
keyring.OrganizationKeys = nil
|
keyring.OrganizationKeys = nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (keyring *Keyring) UnlockWithAccountKey(accountKey SymmetricEncryptionKey) {
|
||||||
|
keyringLog.Info("Unlocking keyring with account key")
|
||||||
|
keyring.isLocked = false
|
||||||
|
keyring.accountKey = accountKey
|
||||||
|
}
|
||||||
|
|
||||||
|
func (keyring *Keyring) GetAccountKey() SymmetricEncryptionKey {
|
||||||
|
return keyring.accountKey
|
||||||
|
}
|
||||||
|
|
||||||
func (keyring *Keyring) GetSymmetricKeyForOrganization(uuid string) (SymmetricEncryptionKey, error) {
|
func (keyring *Keyring) GetSymmetricKeyForOrganization(uuid string) (SymmetricEncryptionKey, error) {
|
||||||
if key, ok := keyring.OrganizationKeys[uuid]; ok {
|
if key, ok := keyring.OrganizationKeys[uuid]; ok {
|
||||||
decryptedOrgKey, err := DecryptWithAsymmetric([]byte(key), keyring.AsymmetricEncyryptionKey)
|
decryptedOrgKey, err := DecryptWithAsymmetric([]byte(key), keyring.AsymmetricEncyryptionKey)
|
||||||
|
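Review bot: `GetAccountKey()` returns the stored key without consulting `isLocked`, and `UnlockWithAccountKey` sets `isLocked = false` even when handed a nil key, so the flag and the key can disagree. The constructors also still assign a possibly nil `*MemorySymmetricEncryptionKey` or `*MemguardSymmetricEncryptionKey` to the `accountKey` field of type `SymmetricEncryptionKey`. If that is an interface type, as the two assignments suggest, a keyring built with nil holds a non-nil interface around a nil pointer, and a caller testing `GetAccountKey() != nil` would pass. Consider `if keyring.isLocked { return nil }` at the top of `GetAccountKey()`, plus a doc comment stating that it returns nil while the keyring is locked. `Lock()` only drops the reference; whether the key types offer a way to wipe the underlying material is not visible here.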
@ -150,5 +150,5 @@ func (cipher Cipher) GetKeyForCipher(keyring crypto.Keyring) (crypto.SymmetricEn
|
|||||||
if cipher.OrganizationID != nil {
|
if cipher.OrganizationID != nil {
|
||||||
return keyring.GetSymmetricKeyForOrganization(cipher.OrganizationID.String())
|
return keyring.GetSymmetricKeyForOrganization(cipher.OrganizationID.String())
|
||||||
}
|
}
|
||||||
return keyring.AccountKey, nil
|
return keyring.GetAccountKey(), nil
|
||||||
}
|
}
|
||||||
|
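Review bot: `return keyring.GetAccountKey(), nil` hands back a nil key with a nil error once `Lock()` has cleared the account key, so a caller that only checks the error will go on to use a nil key. A guard before the final return, such as `if keyring.IsLocked() { return nil, errors.New("keyring is locked") }`, would make the locked state explicit. Note also that `keyring` is passed by value as `crypto.Keyring`, so this function sees a copy of the lock flag taken at call time. The start of GetKeyForCipher is outside the hunk.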
@ -441,7 +441,7 @@ func (cfg *Config) TryUnlock(vault *vault.Vault) error {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
vault.Keyring.AccountKey = key
|
vault.Keyring.UnlockWithAccountKey(key)
|
||||||
} else {
|
} else {
|
||||||
cfg.Lock()
|
cfg.Lock()
|
||||||
return err
|
return err
|
||||||
|
@ -30,13 +30,13 @@ func NewSSHKeyCipher(name string, keyring *crypto.Keyring) (models.Cipher, strin
|
|||||||
privatePEM := pem.EncodeToMemory(&privBlock)
|
privatePEM := pem.EncodeToMemory(&privBlock)
|
||||||
publicKey, err := ssh.NewPublicKey(pub)
|
publicKey, err := ssh.NewPublicKey(pub)
|
||||||
|
|
||||||
encryptedName, _ := crypto.EncryptWith([]byte(name), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
|
encryptedName, _ := crypto.EncryptWith([]byte(name), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
|
||||||
encryptedPublicKeyKey, _ := crypto.EncryptWith([]byte("public-key"), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
|
encryptedPublicKeyKey, _ := crypto.EncryptWith([]byte("public-key"), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
|
||||||
encryptedPublicKeyValue, _ := crypto.EncryptWith([]byte(string(ssh.MarshalAuthorizedKey(publicKey))), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
|
encryptedPublicKeyValue, _ := crypto.EncryptWith([]byte(string(ssh.MarshalAuthorizedKey(publicKey))), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
|
||||||
encryptedCustomTypeKey, _ := crypto.EncryptWith([]byte("custom-type"), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
|
encryptedCustomTypeKey, _ := crypto.EncryptWith([]byte("custom-type"), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
|
||||||
encryptedCustomTypeValue, _ := crypto.EncryptWith([]byte("ssh-key"), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
|
encryptedCustomTypeValue, _ := crypto.EncryptWith([]byte("ssh-key"), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
|
||||||
encryptedPrivateKeyKey, _ := crypto.EncryptWith([]byte("private-key"), crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
|
encryptedPrivateKeyKey, _ := crypto.EncryptWith([]byte("private-key"), crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
|
||||||
encryptedPrivateKeyValue, _ := crypto.EncryptWith(privatePEM, crypto.AesCbc256_HmacSha256_B64, keyring.AccountKey)
|
encryptedPrivateKeyValue, _ := crypto.EncryptWith(privatePEM, crypto.AesCbc256_HmacSha256_B64, keyring.GetAccountKey())
|
||||||
|
|
||||||
cipher := models.Cipher{
|
cipher := models.Cipher{
|
||||||
Type: models.CipherNote,
|
Type: models.CipherNote,
|
||||||
|
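Review bot: Every `crypto.EncryptWith(..., keyring.GetAccountKey())` call in this hunk discards its error with `_`. If the keyring is locked, or encryption fails for any other reason, the function would carry on and build the cipher from whatever EncryptWith returned, including for the private key value. Read the key once with `key := keyring.GetAccountKey()`, refuse to proceed when `keyring.IsLocked()` is true, and check each result as `encryptedName, err := crypto.EncryptWith(...)`, returning early on failure. The return values to use depend on the signature, which is truncated in the hunk header, and the function body continues past the hunk. Whether the `err` from `ssh.NewPublicKey(pub)` is checked is also not visible.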