From 1b90b3deea4eea631986b462c06a5e08f432d489 Mon Sep 17 00:00:00 2001
From: Maarten Billemont
Date: Thu, 23 Jan 2020 16:04:53 -0500
Subject: [PATCH] Allow unauthenticated marshal reading to reset master key.
---
 platform-independent/c/cli/src/mpw-cli.c | 4 ++-
 platform-independent/c/core/src/mpw-marshal.c | 26 +++++++++++--------
 platform-independent/c/core/src/mpw-marshal.h | 4 +--
 3 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/platform-independent/c/cli/src/mpw-cli.c b/platform-independent/c/cli/src/mpw-cli.c
index 85119aa2..f48eb779 100644
--- a/platform-independent/c/cli/src/mpw-cli.c
+++ b/platform-independent/c/cli/src/mpw-cli.c
@@ -718,7 +718,9 @@ void cli_mpw(Arguments *args, Operation *operation) {
 operation->user->fullName, operation->purposeResult, operation->site->siteName, operation->identicon );
 // Determine master key.
- MPMasterKey masterKey = operation->user->masterKeyProvider( operation->site->algorithm, operation->user->fullName );
+ MPMasterKey masterKey = NULL;
+ if (operation->user->masterKeyProvider)
+ masterKey = operation->user->masterKeyProvider( operation->site->algorithm, operation->user->fullName );
 if (!masterKey) {
 ftl( "Couldn't derive master key." );
 cli_free( args, operation );
diff --git a/platform-independent/c/core/src/mpw-marshal.c b/platform-independent/c/core/src/mpw-marshal.c
index ddaa1dbf..63ac9888 100644
--- a/platform-independent/c/core/src/mpw-marshal.c
+++ b/platform-independent/c/core/src/mpw-marshal.c
@@ -31,7 +31,7 @@ MPMarshalledUser *mpw_marshal_user(
 const char *fullName, MPMasterKeyProvider masterKeyProvider, const MPAlgorithmVersion algorithmVersion) {
 MPMarshalledUser *user;
- if (!fullName || !masterKeyProvider || !(user = malloc( sizeof( MPMarshalledUser ) )))
+ if (!fullName || !(user = malloc( sizeof( MPMarshalledUser ) )))
 return NULL;
 *user = (MPMarshalledUser){
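Review bot: In cli_mpw a missing `masterKeyProvider` now ends in the same `ftl( "Couldn't derive master key." )` as a provider that ran and failed, so an unauthenticated user object reaching a key-requiring path cannot be told apart from a wrong password or a derivation error. The same fold happens in the mpw_marshal_write_flat and mpw_marshal_write_json hunks and in the clear-text site branches of both read functions, where either case yields `MPMarshalErrorInternal`. Consider testing the pointer first and reporting it on its own, in the marshal code for example `if (!user->masterKeyProvider) { *error = (MPMarshalError){ MPMarshalErrorMissing, "Missing master key provider." }; return NULL; }`. cli_mpw's body starts and ends outside the hunk.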
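Review bot: Dropping `!masterKeyProvider` from the guard in mpw_marshal_user makes a NULL `user->masterKeyProvider` a legal state of every MPMarshalledUser, so each call through that pointer is now a potential NULL function-pointer call unless it is guarded. This patch guards the call sites it shows one by one; callers in files outside this diff are not visible here and would need the same check. Routing every derivation through one small helper would keep the guard in a single place so a future call site cannot forget it. The function body continues past the end of the hunk.

```c
/* Derive the user's master key, or NULL when the user is unauthenticated (no provider set). */
static MPMasterKey mpw_marshal_master_key(const MPMarshalledUser *user, const MPAlgorithmVersion algorithm) {

    if (!user || !user->masterKeyProvider)
        return NULL;

    return user->masterKeyProvider( algorithm, user->fullName );
}
```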
@@ -144,7 +144,9 @@ static const char *mpw_marshal_write_flat(
 *error = (MPMarshalError){ MPMarshalErrorMissing, "Missing full name." };
 return NULL;
 }
- MPMasterKey masterKey = user->masterKeyProvider( user->algorithm, user->fullName );
+ MPMasterKey masterKey = NULL;
+ if (user->masterKeyProvider)
+ masterKey = user->masterKeyProvider( user->algorithm, user->fullName );
 if (!masterKey) {
 *error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
 return NULL;
@@ -188,7 +190,7 @@ static const char *mpw_marshal_write_flat(
 if (!user->redacted) {
 // Clear Text
 mpw_free( &masterKey, MPMasterKeySize );
- if (!(masterKey = user->masterKeyProvider( site->algorithm, user->fullName ))) {
+ if (!user->masterKeyProvider || !(masterKey = user->masterKeyProvider( site->algorithm, user->fullName ))) {
 *error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
 mpw_free_string( &out );
 return NULL;
@@ -229,7 +231,9 @@ static const char *mpw_marshal_write_json(
 *error = (MPMarshalError){ MPMarshalErrorMissing, "Missing full name." };
 return NULL;
 }
- MPMasterKey masterKey = user->masterKeyProvider( user->algorithm, user->fullName );
+ MPMasterKey masterKey = NULL;
+ if (user->masterKeyProvider)
+ masterKey = user->masterKeyProvider( user->algorithm, user->fullName );
 if (!masterKey) {
 *error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
 return NULL;
@@ -273,7 +277,7 @@ static const char *mpw_marshal_write_json(
 if (!user->redacted) {
 // Clear Text
 mpw_free( &masterKey, MPMasterKeySize );
- if (!(masterKey = user->masterKeyProvider( site->algorithm, user->fullName ))) {
+ if (!user->masterKeyProvider || !(masterKey = user->masterKeyProvider( site->algorithm, user->fullName ))) {
 *error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
 json_object_put( json_file );
 return NULL;
@@ -467,14 +471,14 @@ static MPMarshalledUser *mpw_marshal_read_flat(
 // ## ends header
 headerEnded = true;
 mpw_free( &masterKey, MPMasterKeySize );
- if (!(masterKey = masterKeyProvider( algorithm, fullName ))) {
+ if (masterKeyProvider && !(masterKey = masterKeyProvider( algorithm, fullName ))) {
 *error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
 mpw_free_strings( &fullName, &keyID, NULL );
 mpw_free( &masterKey, MPMasterKeySize );
 mpw_marshal_free( &user );
 return NULL;
 }
- if (keyID && !mpw_id_buf_equals( keyID, mpw_id_buf( masterKey, MPMasterKeySize ) )) {
+ if (masterKey && keyID && !mpw_id_buf_equals( keyID, mpw_id_buf( masterKey, MPMasterKeySize ) )) {
 *error = (MPMarshalError){ MPMarshalErrorMasterPassword, "Master password doesn't match key ID." };
 mpw_free_strings( &fullName, &keyID, NULL );
 mpw_free( &masterKey, MPMasterKeySize );
@@ -666,7 +670,7 @@ static MPMarshalledUser *mpw_marshal_read_flat(
 if (!user->redacted) {
 // Clear Text
 mpw_free( &masterKey, MPMasterKeySize );
- if (!(masterKey = masterKeyProvider( site->algorithm, user->fullName ))) {
+ if (!masterKeyProvider || !(masterKey = masterKeyProvider( site->algorithm, user->fullName ))) {
 *error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
 mpw_free_strings( &str_lastUsed, &str_uses, &str_type, &str_algorithm, &str_counter, NULL );
 mpw_free_strings( &siteLoginState, &siteName, &siteResultState, NULL );
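Review bot: With a NULL `masterKeyProvider` the `keyID` comparison at the end of the header in mpw_marshal_read_flat is skipped entirely, so a non-NULL return no longer implies that the file's key ID was checked against a master key; the first mpw_marshal_read_json hunk makes the same change. Nothing visible in the hunk records that on the returned user, so a caller has to remember which kind of read it asked for before trusting the user or writing it back. A comment on the check would state the contract where it is enforced, e.g. `// No provider: unauthenticated read. keyID is NOT verified here; the caller must authenticate before using key-derived data.` The function body starts and ends outside the hunk.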
@@ -815,14 +819,14 @@ static MPMarshalledUser *mpw_marshal_read_json(
 json_object_put( json_file );
 return NULL;
 }
- if (!(masterKey = masterKeyProvider( algorithm, fullName ))) {
+ if (masterKeyProvider && !(masterKey = masterKeyProvider( algorithm, fullName ))) {
 *error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
 mpw_free( &masterKey, MPMasterKeySize );
 mpw_marshal_free( &user );
 json_object_put( json_file );
 return NULL;
 }
- if (keyID && !mpw_id_buf_equals( keyID, mpw_id_buf( masterKey, MPMasterKeySize ) )) {
+ if (masterKey && keyID && !mpw_id_buf_equals( keyID, mpw_id_buf( masterKey, MPMasterKeySize ) )) {
 *error = (MPMarshalError){ MPMarshalErrorMasterPassword, "Master password doesn't match key ID." };
 mpw_free( &masterKey, MPMasterKeySize );
 mpw_marshal_free( &user );
@@ -913,7 +917,7 @@ static MPMarshalledUser *mpw_marshal_read_json(
 if (!user->redacted) {
 // Clear Text
 mpw_free( &masterKey, MPMasterKeySize );
- if (!(masterKey = masterKeyProvider( site->algorithm, user->fullName ))) {
+ if (!masterKeyProvider || !(masterKey = masterKeyProvider( site->algorithm, user->fullName ))) {
 *error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
 mpw_free( &masterKey, MPMasterKeySize );
 mpw_marshal_free( &user );
diff --git a/platform-independent/c/core/src/mpw-marshal.h b/platform-independent/c/core/src/mpw-marshal.h
index 947ef5ad..17099e65 100644
--- a/platform-independent/c/core/src/mpw-marshal.h
+++ b/platform-independent/c/core/src/mpw-marshal.h
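Review bot: In the first mpw_marshal_read_json hunk the new `masterKey && keyID && …` test reads `masterKey` on a path where nothing has assigned it: with a NULL provider the assignment inside the previous `if` never runs. In mpw_marshal_read_flat a `mpw_free( &masterKey, MPMasterKeySize )` precedes the provider call and presumably leaves the pointer NULL, but no such line is visible here. The test is therefore only well-defined if the declaration, which lies outside the hunk, initialises the variable. If it does not, declaring it as `MPMasterKey masterKey = NULL;` closes the gap; before this patch the unconditional assignment made that initialiser unnecessary.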
@@ -139,11 +139,11 @@ MPMarshalledUser *mpw_marshal_read(
 //// Utilities.
 /** Create a new user object ready for marshalling.
- * @return A user object (allocated), or NULL if the fullName or masterKeyProvider is missing, or the marshalled user couldn't be allocated. */
+ * @return A user object (allocated), or NULL if the fullName is missing or the marshalled user couldn't be allocated. */
 MPMarshalledUser *mpw_marshal_user(
 const char *fullName, MPMasterKeyProvider masterKeyProvider, const MPAlgorithmVersion algorithmVersion);
 /** Create a new site attached to the given user object, ready for marshalling.
- * @return A site object (allocated), or NULL if the siteName is missing, or the marshalled site couldn't be allocated. */
+ * @return A site object (allocated), or NULL if the siteName is missing or the marshalled site couldn't be allocated. */
 MPMarshalledSite *mpw_marshal_site(
 MPMarshalledUser *user, const char *siteName, const MPResultType resultType, const MPCounterValue siteCounter, const MPAlgorithmVersion algorithmVersion);
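Review bot: The mpw_marshal_user comment no longer lists a missing masterKeyProvider as a failure, but it does not say what passing NULL now means, and that is the security-relevant part of the new contract. I would add a line such as `* @param masterKeyProvider May be NULL for an unauthenticated user; no master key can be derived for it, so the write functions fail until a provider is set.` The mpw_marshal_read declaration, visible only as the hunk's context heading, deserves a matching sentence that the file's key ID is not verified when no provider is given.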