skylab/MasterPassword
2
0
Fork 0
Code Releases Activity

Allow unauthenticated marshal reading to reset master key.

Browse Source
This commit is contained in:
Maarten Billemont 2020-01-23 16:04:53 -05:00
parent a19df80a03
commit 1b90b3deea
3 changed files with 20 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
platform-independent/c/cli/src/mpw-cli.c
View File

@ -718,7 +718,9 @@ void cli_mpw(Arguments *args, Operation *operation) {
operation->user->fullName, operation->purposeResult, operation->site->siteName, operation->identicon ); operation->user->fullName, operation->purposeResult, operation->site->siteName, operation->identicon );
// Determine master key. // Determine master key.
MPMasterKey masterKey = operation->user->masterKeyProvider( operation->site->algorithm, operation->user->fullName ); MPMasterKey masterKey = NULL;
if (operation->user->masterKeyProvider)
masterKey = operation->user->masterKeyProvider( operation->site->algorithm, operation->user->fullName );
if (!masterKey) { if (!masterKey) {
ftl( "Couldn't derive master key." ); ftl( "Couldn't derive master key." );
cli_free( args, operation ); cli_free( args, operation );

26
platform-independent/c/core/src/mpw-marshal.c
View File

@ -31,7 +31,7 @@ MPMarshalledUser *mpw_marshal_user(
const char *fullName, MPMasterKeyProvider masterKeyProvider, const MPAlgorithmVersion algorithmVersion) { const char *fullName, MPMasterKeyProvider masterKeyProvider, const MPAlgorithmVersion algorithmVersion) {
MPMarshalledUser *user; MPMarshalledUser *user;
if (!fullName || !masterKeyProvider || !(user = malloc( sizeof( MPMarshalledUser ) ))) if (!fullName || !(user = malloc( sizeof( MPMarshalledUser ) )))
return NULL; return NULL;
*user = (MPMarshalledUser){ *user = (MPMarshalledUser){
@ -144,7 +144,9 @@ static const char *mpw_marshal_write_flat(
*error = (MPMarshalError){ MPMarshalErrorMissing, "Missing full name." }; *error = (MPMarshalError){ MPMarshalErrorMissing, "Missing full name." };
return NULL; return NULL;
} }
MPMasterKey masterKey = user->masterKeyProvider( user->algorithm, user->fullName ); MPMasterKey masterKey = NULL;
if (user->masterKeyProvider)
masterKey = user->masterKeyProvider( user->algorithm, user->fullName );
if (!masterKey) { if (!masterKey) {
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." }; *error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
return NULL; return NULL;
@ -188,7 +190,7 @@ static const char *mpw_marshal_write_flat(
if (!user->redacted) { if (!user->redacted) {
// Clear Text // Clear Text
mpw_free( &masterKey, MPMasterKeySize ); mpw_free( &masterKey, MPMasterKeySize );
if (!(masterKey = user->masterKeyProvider( site->algorithm, user->fullName ))) { if (!user->masterKeyProvider || !(masterKey = user->masterKeyProvider( site->algorithm, user->fullName ))) {
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." }; *error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
mpw_free_string( &out ); mpw_free_string( &out );
return NULL; return NULL;
@ -229,7 +231,9 @@ static const char *mpw_marshal_write_json(
*error = (MPMarshalError){ MPMarshalErrorMissing, "Missing full name." }; *error = (MPMarshalError){ MPMarshalErrorMissing, "Missing full name." };
return NULL; return NULL;
} }
MPMasterKey masterKey = user->masterKeyProvider( user->algorithm, user->fullName ); MPMasterKey masterKey = NULL;
if (user->masterKeyProvider)
masterKey = user->masterKeyProvider( user->algorithm, user->fullName );
if (!masterKey) { if (!masterKey) {
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." }; *error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
return NULL; return NULL;
@ -273,7 +277,7 @@ static const char *mpw_marshal_write_json(
if (!user->redacted) { if (!user->redacted) {
// Clear Text // Clear Text
mpw_free( &masterKey, MPMasterKeySize ); mpw_free( &masterKey, MPMasterKeySize );
if (!(masterKey = user->masterKeyProvider( site->algorithm, user->fullName ))) { if (!user->masterKeyProvider || !(masterKey = user->masterKeyProvider( site->algorithm, user->fullName ))) {
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." }; *error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
json_object_put( json_file ); json_object_put( json_file );
return NULL; return NULL;
@ -467,14 +471,14 @@ static MPMarshalledUser *mpw_marshal_read_flat(
// ## ends header // ## ends header
headerEnded = true; headerEnded = true;
mpw_free( &masterKey, MPMasterKeySize ); mpw_free( &masterKey, MPMasterKeySize );
if (!(masterKey = masterKeyProvider( algorithm, fullName ))) { if (masterKeyProvider && !(masterKey = masterKeyProvider( algorithm, fullName ))) {
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." }; *error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
mpw_free_strings( &fullName, &keyID, NULL ); mpw_free_strings( &fullName, &keyID, NULL );
mpw_free( &masterKey, MPMasterKeySize ); mpw_free( &masterKey, MPMasterKeySize );
mpw_marshal_free( &user ); mpw_marshal_free( &user );
return NULL; return NULL;
} }
if (keyID && !mpw_id_buf_equals( keyID, mpw_id_buf( masterKey, MPMasterKeySize ) )) { if (masterKey && keyID && !mpw_id_buf_equals( keyID, mpw_id_buf( masterKey, MPMasterKeySize ) )) {
*error = (MPMarshalError){ MPMarshalErrorMasterPassword, "Master password doesn't match key ID." }; *error = (MPMarshalError){ MPMarshalErrorMasterPassword, "Master password doesn't match key ID." };
mpw_free_strings( &fullName, &keyID, NULL ); mpw_free_strings( &fullName, &keyID, NULL );
mpw_free( &masterKey, MPMasterKeySize ); mpw_free( &masterKey, MPMasterKeySize );
@ -666,7 +670,7 @@ static MPMarshalledUser *mpw_marshal_read_flat(
if (!user->redacted) { if (!user->redacted) {
// Clear Text // Clear Text
mpw_free( &masterKey, MPMasterKeySize ); mpw_free( &masterKey, MPMasterKeySize );
if (!(masterKey = masterKeyProvider( site->algorithm, user->fullName ))) { if (!masterKeyProvider || !(masterKey = masterKeyProvider( site->algorithm, user->fullName ))) {
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." }; *error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
mpw_free_strings( &str_lastUsed, &str_uses, &str_type, &str_algorithm, &str_counter, NULL ); mpw_free_strings( &str_lastUsed, &str_uses, &str_type, &str_algorithm, &str_counter, NULL );
mpw_free_strings( &siteLoginState, &siteName, &siteResultState, NULL ); mpw_free_strings( &siteLoginState, &siteName, &siteResultState, NULL );
@ -815,14 +819,14 @@ static MPMarshalledUser *mpw_marshal_read_json(
json_object_put( json_file ); json_object_put( json_file );
return NULL; return NULL;
} }
if (!(masterKey = masterKeyProvider( algorithm, fullName ))) { if (masterKeyProvider && !(masterKey = masterKeyProvider( algorithm, fullName ))) {
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." }; *error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
mpw_free( &masterKey, MPMasterKeySize ); mpw_free( &masterKey, MPMasterKeySize );
mpw_marshal_free( &user ); mpw_marshal_free( &user );
json_object_put( json_file ); json_object_put( json_file );
return NULL; return NULL;
} }
if (keyID && !mpw_id_buf_equals( keyID, mpw_id_buf( masterKey, MPMasterKeySize ) )) { if (masterKey && keyID && !mpw_id_buf_equals( keyID, mpw_id_buf( masterKey, MPMasterKeySize ) )) {
*error = (MPMarshalError){ MPMarshalErrorMasterPassword, "Master password doesn't match key ID." }; *error = (MPMarshalError){ MPMarshalErrorMasterPassword, "Master password doesn't match key ID." };
mpw_free( &masterKey, MPMasterKeySize ); mpw_free( &masterKey, MPMasterKeySize );
mpw_marshal_free( &user ); mpw_marshal_free( &user );
@ -913,7 +917,7 @@ static MPMarshalledUser *mpw_marshal_read_json(
if (!user->redacted) { if (!user->redacted) {
// Clear Text // Clear Text
mpw_free( &masterKey, MPMasterKeySize ); mpw_free( &masterKey, MPMasterKeySize );
if (!(masterKey = masterKeyProvider( site->algorithm, user->fullName ))) { if (!masterKeyProvider || !(masterKey = masterKeyProvider( site->algorithm, user->fullName ))) {
*error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." }; *error = (MPMarshalError){ MPMarshalErrorInternal, "Couldn't derive master key." };
mpw_free( &masterKey, MPMasterKeySize ); mpw_free( &masterKey, MPMasterKeySize );
mpw_marshal_free( &user ); mpw_marshal_free( &user );

4
platform-independent/c/core/src/mpw-marshal.h
View File

@ -139,11 +139,11 @@ MPMarshalledUser *mpw_marshal_read(
//// Utilities. //// Utilities.
/** Create a new user object ready for marshalling. /** Create a new user object ready for marshalling.
* @return A user object (allocated), or NULL if the fullName or masterKeyProvider is missing, or the marshalled user couldn't be allocated. */ * @return A user object (allocated), or NULL if the fullName is missing or the marshalled user couldn't be allocated. */
MPMarshalledUser *mpw_marshal_user( MPMarshalledUser *mpw_marshal_user(
const char *fullName, MPMasterKeyProvider masterKeyProvider, const MPAlgorithmVersion algorithmVersion); const char *fullName, MPMasterKeyProvider masterKeyProvider, const MPAlgorithmVersion algorithmVersion);
/** Create a new site attached to the given user object, ready for marshalling. /** Create a new site attached to the given user object, ready for marshalling.
* @return A site object (allocated), or NULL if the siteName is missing, or the marshalled site couldn't be allocated. */ * @return A site object (allocated), or NULL if the siteName is missing or the marshalled site couldn't be allocated. */
MPMarshalledSite *mpw_marshal_site( MPMarshalledSite *mpw_marshal_site(
MPMarshalledUser *user, MPMarshalledUser *user,
const char *siteName, const MPResultType resultType, const MPCounterValue siteCounter, const MPAlgorithmVersion algorithmVersion); const char *siteName, const MPResultType resultType, const MPCounterValue siteCounter, const MPAlgorithmVersion algorithmVersion);