From 56499a11ad76afce78f2344ebfcb2b1ce1ee437f Mon Sep 17 00:00:00 2001 From: pennae Date: Sun, 17 Jul 2022 14:13:53 +0200 Subject: use SecretKey for key material in crypto --- src/api/auth/account.rs | 17 +++++------ src/api/auth/password.rs | 9 +++--- src/crypto.rs | 77 ++++++++++++++++++++++++------------------------ src/types.rs | 8 +++++ 4 files changed, 58 insertions(+), 53 deletions(-) (limited to 'src') diff --git a/src/api/auth/account.rs b/src/api/auth/account.rs index bff2a66..56ec717 100644 --- a/src/api/auth/account.rs +++ b/src/api/auth/account.rs @@ -90,8 +90,8 @@ pub(crate) async fn create( }, } - let ka = SecretBytes::generate(); - let wrapwrap_kb = SecretBytes::generate(); + let ka = SecretKey::generate(); + let wrapwrap_kb = SecretKey::generate(); let auth_salt = SaltString::generate(rand::rngs::OsRng); let stretched = data.authPW.stretch(auth_salt.as_salt())?; let verify_hash = stretched.verify_hash(); @@ -113,8 +113,8 @@ pub(crate) async fn create( .add_user(User { auth_salt, email: data.email.to_owned(), - ka: SecretKey(ka.0), - wrapwrap_kb: SecretKey(wrapwrap_kb.0), + ka, + wrapwrap_kb, verify_hash: VerifyHash(verify_hash), display_name: None, verified: false, @@ -204,8 +204,8 @@ pub(crate) async fn login( let key_fetch_token = KeyFetchToken::generate(); let req = KeyFetchReq::derive_from(&key_fetch_token); let wrapped = req.derive_resp().wrap_keys(&KeyBundle { - ka: SecretBytes(user.ka.0), - wrap_kb: stretched.decrypt_wwkb(&SecretBytes(user.wrapwrap_kb.0)), + ka: user.ka, + wrap_kb: stretched.decrypt_wwkb(&user.wrapwrap_kb), }); db.add_key_fetch(req.token_id, &req.req_hmac_key, &wrapped).await?; Some(key_fetch_token) @@ -380,13 +380,12 @@ pub(crate) async fn reset( let notify_devs = db.get_devices(&data.context).await?; - let wrapwrap_kb = SecretBytes::generate(); + let wrapwrap_kb = SecretKey::generate(); let auth_salt = SaltString::generate(rand::rngs::OsRng); let stretched = data.body.authPW.stretch(auth_salt.as_salt())?; let verify_hash = stretched.verify_hash(); - db.reset_user_auth(&data.context, auth_salt, SecretKey(wrapwrap_kb.0), VerifyHash(verify_hash)) - .await?; + db.reset_user_auth(&data.context, auth_salt, wrapwrap_kb, VerifyHash(verify_hash)).await?; defer.spawn_after_success("api::auth/account/reset(post)", { let client = Arc::clone(client); diff --git a/src/api/auth/password.rs b/src/api/auth/password.rs index e389261..79b7587 100644 --- a/src/api/auth/password.rs +++ b/src/api/auth/password.rs @@ -63,10 +63,9 @@ pub(crate) async fn change_start( let change_req = PasswordChangeReq::derive_from_change_token(&change_token); let key_fetch_token = KeyFetchToken::generate(); let key_req = KeyFetchReq::derive_from(&key_fetch_token); - let wrapped = key_req.derive_resp().wrap_keys(&KeyBundle { - ka: SecretBytes(user.ka.0), - wrap_kb: stretched.decrypt_wwkb(&SecretBytes(user.wrapwrap_kb.0)), - }); + let wrapped = key_req + .derive_resp() + .wrap_keys(&KeyBundle { ka: user.ka, wrap_kb: stretched.decrypt_wwkb(&user.wrapwrap_kb) }); db.add_key_fetch(key_req.token_id, &key_req.req_hmac_key, &wrapped).await?; db.add_password_change(&uid, &change_req.token_id, &change_req.req_hmac_key, None).await?; @@ -106,7 +105,7 @@ impl AuthSource for WithChangeToken { #[allow(non_snake_case)] pub(crate) struct ChangeFinishReq { authPW: AuthPW, - wrapKb: SecretBytes<32>, + wrapKb: SecretKey, // MISSING sessionToken } diff --git a/src/crypto.rs b/src/crypto.rs index 4413663..d681e86 100644 --- a/src/crypto.rs +++ b/src/crypto.rs @@ -17,7 +17,7 @@ use sha2::Sha256; use crate::{ serde::as_hex, - types::{AccountResetID, HawkKey, KeyFetchID, PasswordChangeID, SessionID}, + types::{AccountResetID, HawkKey, KeyFetchID, PasswordChangeID, SecretKey, SessionID}, }; const NAMESPACE: &[u8] = b"identity.mozilla.com/picl/v1/"; @@ -28,6 +28,14 @@ pub fn random_bytes() -> [u8; N] { result } +fn xor(l: &[u8; N], r: &[u8; N]) -> [u8; N] { + let mut result = *l; + for (a, b) in result.iter_mut().zip(r.iter()) { + *a ^= b; + } + result +} + #[derive(Clone, PartialEq, Eq, Serialize, Deserialize)] #[serde(try_from = "String", into = "String")] pub struct SecretBytes(pub [u8; N]); @@ -38,16 +46,6 @@ impl Debug for SecretBytes { } } -impl SecretBytes { - fn xor(&self, other: &Self) -> Self { - let mut result = self.clone(); - for (a, b) in result.0.iter_mut().zip(other.0.iter()) { - *a ^= b; - } - result - } -} - impl From> for String { fn from(sb: SecretBytes) -> Self { hex::encode(&sb.0) @@ -136,11 +134,11 @@ impl SecretBytes { #[derive(Debug, Deserialize, Serialize)] #[serde(transparent)] -pub struct AuthPW { +pub(crate) struct AuthPW { pw: SecretBytes<32>, } -pub struct StretchedPW { +pub(crate) struct StretchedPW { pw: Output, } @@ -161,16 +159,16 @@ impl StretchedPW { raw.into() } - fn wrap_wrap_key(&self) -> SecretBytes<32> { + fn wrap_wrap_key(&self) -> [u8; 32] { from_hkdf(self.pw.as_bytes(), &[NAMESPACE, b"wrapwrapKey"]) } - pub fn decrypt_wwkb(&self, wwkb: &SecretBytes<32>) -> SecretBytes<32> { - wwkb.xor(&self.wrap_wrap_key()) + pub fn decrypt_wwkb(&self, wwkb: &SecretKey) -> SecretKey { + SecretKey(xor(&wwkb.0, &self.wrap_wrap_key())) } - pub fn rewrap_wkb(&self, wkb: &SecretBytes<32>) -> SecretBytes<32> { - wkb.xor(&self.wrap_wrap_key()) + pub fn rewrap_wkb(&self, wkb: &SecretKey) -> SecretKey { + SecretKey(xor(&wkb.0, &self.wrap_wrap_key())) } } @@ -240,25 +238,25 @@ impl KeyFetchReq { } } -pub struct KeyFetchResp { +pub(crate) struct KeyFetchResp { resp_hmac_key: SecretBytes<32>, resp_xor_key: SecretBytes<64>, } impl KeyFetchResp { pub fn wrap_keys(&self, keys: &KeyBundle) -> WrappedKeyBundle { - let ciphertext = self.resp_xor_key.xor(&keys.to_bytes()); + let ciphertext = xor(&self.resp_xor_key.0, &keys.to_bytes().0); #[allow(clippy::unwrap_used)] let mut hmac = Hmac::::new_from_slice(&self.resp_hmac_key.0).unwrap(); - hmac.update(&ciphertext.0); + hmac.update(&ciphertext); let hmac = *hmac.finalize().into_bytes().as_ref(); WrappedKeyBundle { ciphertext, hmac } } } -pub struct KeyBundle { - pub ka: SecretBytes<32>, - pub wrap_kb: SecretBytes<32>, +pub(crate) struct KeyBundle { + pub ka: SecretKey, + pub wrap_kb: SecretKey, } impl KeyBundle { @@ -272,14 +270,14 @@ impl KeyBundle { #[derive(Debug)] pub struct WrappedKeyBundle { - ciphertext: SecretBytes<64>, + ciphertext: [u8; 64], hmac: [u8; 32], } impl WrappedKeyBundle { pub fn to_bytes(&self) -> [u8; 96] { let mut result = [0; 96]; - result[0..64].copy_from_slice(&self.ciphertext.0); + result[0..64].copy_from_slice(&self.ciphertext); result[64..].copy_from_slice(&self.hmac); result } @@ -349,19 +347,16 @@ mod test { use hex_literal::hex; use password_hash::{Output, SaltString}; - use crate::crypto::{ - AccountResetReq, AccountResetToken, KeyBundle, KeyFetchReq, KeyFetchToken, - PasswordChangeReq, PasswordChangeToken, SessionCredentials, SessionToken, + use crate::{ + crypto::{ + AccountResetReq, AccountResetToken, KeyBundle, KeyFetchReq, KeyFetchToken, + PasswordChangeReq, PasswordChangeToken, SessionCredentials, SessionToken, + }, + types::SecretKey, }; use super::{AuthPW, SecretBytes}; - macro_rules! shex { - ( $s: literal ) => { - SecretBytes(hex!($s)) - }; - } - #[test] fn test_derive_session() { let creds = SessionCredentials::derive_from(&SessionToken(hex!( @@ -409,8 +404,12 @@ mod test { ); let bundle = KeyBundle { - ka: shex!("2021222324252627 28292a2b2c2d2e2f 3031323334353637 38393a3b3c3d3e3f"), - wrap_kb: shex!("7effe354abecbcb2 34a8dfc2d7644b4a d339b525589738f2 d27341bb8622ecd8"), + ka: SecretKey(hex!( + "2021222324252627 28292a2b2c2d2e2f 3031323334353637 38393a3b3c3d3e3f" + )), + wrap_kb: SecretKey(hex!( + "7effe354abecbcb2 34a8dfc2d7644b4a d339b525589738f2 d27341bb8622ecd8" + )), }; assert_eq!( bundle.to_bytes().0, @@ -422,7 +421,7 @@ mod test { let wrapped = resp.wrap_keys(&bundle); assert_eq!( - wrapped.ciphertext.0, + wrapped.ciphertext, hex!( "ee5c58845c7c9412 b11bbd20920c2fdd d83c33c9cd2c2de2 d66b222613364636 fc7e59d854d599f1 0e212801de3a47c3 4333f3b838ee3471 e0f285649c332bbb" @@ -469,7 +468,7 @@ mod test { ); assert_eq!( - stretched.wrap_wrap_key().0, + stretched.wrap_wrap_key(), hex!("3ebea117efa9faf5 7ce195899b290505 8368e7760cc26ea5 8a2a1be0da7fb287") ); Ok(()) diff --git a/src/types.rs b/src/types.rs index aca74cf..342deab 100644 --- a/src/types.rs +++ b/src/types.rs @@ -226,6 +226,14 @@ impl OauthAuthorizationID { } } +impl SecretKey { + pub fn generate() -> Self { + let mut result = Self([0; 32]); + OsRng.fill_bytes(&mut result.0); + result + } +} + #[derive(Clone, PartialEq, Eq, Serialize, Deserialize)] #[serde(try_from = "String", into = "String")] pub(crate) struct OauthToken([u8; 32]); -- cgit v1.2.3