Stop using salt when deriving key from password (#28)

nakabonne · Dec 28, 2020 · f2a81ac · f2a81ac
1 parent 4d255f4
commit f2a81ac
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 101 deletions.
diff --git a/commands/common.go b/commands/common.go
@@ -62,19 +62,16 @@ func datasizeToBytes(ds string) (int64, error) {
 
 // getSymmetricKey retrieves the symmetric-key. First try to derive it from password.
 // Then try to read the file. errNotFound is returned if key not found.
-func getSymmetricKey(password, symmetricKeyFile string, saltFunc func() ([]byte, error)) ([]byte, error) {
+func getSymmetricKey(password, symmetricKeyFile string) ([]byte, error) {
 	if password != "" && (symmetricKeyFile != "" || os.Getenv(pbgopySymmetricKeyFileEnv) != "") {
 		return nil, fmt.Errorf("can't specify both password and key")
 	}
 
 	// Derive from password.
 	if password != "" {
-		var err error
-		salt, err := saltFunc()
-		if err != nil {
-			return nil, fmt.Errorf("failed to get salt: %w", err)
-		}
-		return pbcrypto.DeriveKey(password, salt), nil
+		// NOTE: This option is for cases where data cannot be shared between devices in advance.
+		// Therefore nil is used as a salt though it cannot prevent a dictionary attack.
+		return pbcrypto.DeriveKey(password, nil), nil
 	}
 
 	// Read from file.

diff --git a/commands/copy.go b/commands/copy.go
@@ -83,23 +83,21 @@ func (r *copyRunner) run(_ *cobra.Command, _ []string) error {
 		return fmt.Errorf("failed to read from source: %w", err)
 	}
 
-	client := &http.Client{
-		Timeout: r.timeout,
-	}
-
-	data, err = r.encrypt(data, func() ([]byte, error) {
-		return r.regenerateSalt(client, address)
-	})
+	// Start encryption.
+	data, err = r.encrypt(data)
 	if err != nil {
 		return err
 	}
 
+	// Start issuing an HTTP request.
+	client := &http.Client{
+		Timeout: r.timeout,
+	}
 	req, err := http.NewRequest(http.MethodPut, address, bytes.NewBuffer(data))
 	if err != nil {
 		return fmt.Errorf("failed to make request: %w", err)
 	}
 	addBasicAuthHeader(req, r.basicAuth)
-
 	res, err := client.Do(req)
 	if err != nil {
 		return fmt.Errorf("failed to issue request: %w", err)
@@ -117,14 +115,14 @@ func (r *copyRunner) run(_ *cobra.Command, _ []string) error {
 //   - hybrid cryptosystem with a public-key
 //   - symmetric-key encryption with a key derived from password
 //   - symmetric-key encryption with an existing key
-func (r *copyRunner) encrypt(plaintext []byte, saltFunc func() ([]byte, error)) ([]byte, error) {
+func (r *copyRunner) encrypt(plaintext []byte) ([]byte, error) {
 	// Perform hybrid encryption with a public-key if specified.
 	if r.publicKeyFile != "" || r.gpgUserID != "" {
 		return r.encryptWithPubKey(plaintext)
 	}
 
 	// Try to encrypt with a symmetric-key.
-	key, err := getSymmetricKey(r.password, r.symmetricKeyFile, saltFunc)
+	key, err := getSymmetricKey(r.password, r.symmetricKeyFile)
 	if errors.Is(err, errNotfound) {
 		return plaintext, nil
 	}
@@ -182,22 +180,3 @@ func (r *copyRunner) encryptWithPubKey(plaintext []byte) ([]byte, error) {
 		EncryptedSessionKey: encryptedSessKey,
 	})
 }
-
-// regenerateSalt lets the server regenerate the salt and gives back the new one.
-func (r *copyRunner) regenerateSalt(client *http.Client, address string) ([]byte, error) {
-	if strings.HasSuffix(address, "/") {
-		address = address[:len(address)-1]
-	}
-	req, err := http.NewRequest(http.MethodPut, fmt.Sprintf("%s%s", address, saltPath), bytes.NewBuffer([]byte{}))
-	if err != nil {
-		return nil, fmt.Errorf("failed to make request: %w", err)
-	}
-	addBasicAuthHeader(req, r.basicAuth)
-	res, err := client.Do(req)
-	if err != nil {
-		return nil, fmt.Errorf("failed to issue request: %w", err)
-	}
-	defer res.Body.Close()
-
-	return ioutil.ReadAll(res.Body)
-}
diff --git a/commands/paste.go b/commands/paste.go
@@ -10,7 +10,6 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
-	"strings"
 	"time"
 
 	"github.com/spf13/cobra"
@@ -89,9 +88,8 @@ func (r *pasteRunner) run(_ *cobra.Command, _ []string) error {
 		return fmt.Errorf("failed to read the response body: %w", err)
 	}
 
-	data, err = r.decrypt(data, func() ([]byte, error) {
-		return r.getSalt(client, address)
-	})
+	// Start decryption if needed.
+	data, err = r.decrypt(data)
 	if err != nil {
 		return err
 	}
@@ -105,14 +103,14 @@ func (r *pasteRunner) run(_ *cobra.Command, _ []string) error {
 //   - hybrid cryptosystem with a private-key
 //   - symmetric-key encryption with a key derived from password
 //   - symmetric-key encryption with an existing key
-func (r *pasteRunner) decrypt(data []byte, saltFunc func() ([]byte, error)) ([]byte, error) {
+func (r *pasteRunner) decrypt(data []byte) ([]byte, error) {
 	// Perform hybrid decryption with a private-key if specified.
 	if r.privateKeyFile != "" || r.gpgUserID != "" {
 		return r.decryptWithPrivKey(data)
 	}
 
 	// Try to decrypt with a symmetric-key.
-	key, err := getSymmetricKey(r.password, r.symmetricKeyFile, saltFunc)
+	key, err := getSymmetricKey(r.password, r.symmetricKeyFile)
 	if errors.Is(err, errNotfound) {
 		return data, nil
 	}
@@ -175,26 +173,4 @@ func (r *pasteRunner) decryptWithPrivKey(data []byte) ([]byte, error) {
 		return nil, fmt.Errorf("failed to decrypt the encrypted data: %w", err)
 	}
 	return plaintext, nil
-
-}
-
-// getSalt gives back the salt.
-func (r *pasteRunner) getSalt(client *http.Client, address string) ([]byte, error) {
-	if strings.HasSuffix(address, "/") {
-		address = address[:len(address)-1]
-	}
-	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s%s", address, saltPath), nil)
-	if err != nil {
-		return nil, fmt.Errorf("failed to make request: %w", err)
-	}
-	addBasicAuthHeader(req, r.basicAuth)
-	res, err := client.Do(req)
-	if err != nil {
-		return nil, fmt.Errorf("failed to issue get request: %w", err)
-	}
-	defer res.Body.Close()
-	if res.StatusCode != http.StatusOK {
-		return nil, fmt.Errorf("failed request: Status %s", res.Status)
-	}
-	return ioutil.ReadAll(res.Body)
 }
diff --git a/commands/serve.go b/commands/serve.go
@@ -2,7 +2,6 @@ package commands
 
 import (
 	"context"
-	"crypto/rand"
 	"errors"
 	"fmt"
 	"io"
@@ -22,11 +21,9 @@ const (
 	defaultTTL  = time.Hour * 24
 
 	rootPath        = "/"
-	saltPath        = "/salt"
 	lastUpdatedPath = "/lastupdated"
 
 	dataCacheKey        = "data"
-	saltCacheKey        = "salt"
 	lastUpdatedCacheKey = "lastUpdated"
 )
 
@@ -90,7 +87,6 @@ func (r *serveRunner) newServer() *http.Server {
 		Handler: mux,
 	}
 	mux.HandleFunc(rootPath, r.basicAuthHandler(r.handle))
-	mux.HandleFunc(saltPath, r.basicAuthHandler(r.handleSalt))
 	mux.HandleFunc(lastUpdatedPath, r.basicAuthHandler(r.handleLastUpdated))
 	return server
 }
@@ -132,39 +128,6 @@ func (r *serveRunner) handle(w http.ResponseWriter, req *http.Request) {
 	}
 }
 
-func (r *serveRunner) handleSalt(w http.ResponseWriter, req *http.Request) {
-	switch req.Method {
-	case http.MethodGet:
-		salt, err := r.cache.Get(saltCacheKey)
-		if errors.Is(err, cache.ErrNotFound) {
-			http.Error(w, "The salt not found", http.StatusNotFound)
-			return
-		}
-		if err != nil {
-			http.Error(w, "Failed to get salt from cache", http.StatusInternalServerError)
-			return
-		}
-		if s, ok := salt.([]byte); ok {
-			w.Write(s)
-			return
-		}
-		http.Error(w, fmt.Sprintf("The cached data is unknown type: %T", salt), http.StatusInternalServerError)
-	case http.MethodPut:
-		salt := make([]byte, 128)
-		if _, err := rand.Read(salt); err != nil {
-			http.Error(w, fmt.Sprintf("Failed to make salt: %v", err), http.StatusInternalServerError)
-			return
-		}
-		if err := r.cache.Put(saltCacheKey, salt); err != nil {
-			http.Error(w, fmt.Sprintf("Failed to cache: %v", err), http.StatusInternalServerError)
-			return
-		}
-		w.Write(salt)
-	default:
-		http.Error(w, fmt.Sprintf("Method %s is not allowed", req.Method), http.StatusMethodNotAllowed)
-	}
-}
-
 func (r *serveRunner) handleLastUpdated(w http.ResponseWriter, req *http.Request) {
 	switch req.Method {
 	case http.MethodGet: