Upgrade keys to use bcrypt with salts (#38)

This commit adds salts to the library using bcrypt.

keys/cryptostore/enc_storage.go

@@ -12,21 +12,21 @@ type encryptedStorage struct {
 }
 
 func (es encryptedStorage) Put(name, pass string, key crypto.PrivKey) error {
-	secret, err := es.coder.Encrypt(key, pass)
+	saltBytes, encBytes, err := es.coder.Encrypt(key, pass)
 	if err != nil {
 		return err
 	}
 
 	ki := info(name, key)
-	return es.store.Put(name, secret, ki)
+	return es.store.Put(name, saltBytes, encBytes, ki)
 }
 
 func (es encryptedStorage) Get(name, pass string) (crypto.PrivKey, keys.Info, error) {
-	secret, info, err := es.store.Get(name)
+	saltBytes, encBytes, info, err := es.store.Get(name)
 	if err != nil {
 		return crypto.PrivKey{}, info, err
 	}
-	key, err := es.coder.Decrypt(secret, pass)
+	key, err := es.coder.Decrypt(saltBytes, encBytes, pass)
 	return key, info, err
 }
 

keys/cryptostore/encoder.go

@@ -2,7 +2,9 @@ package cryptostore
 
 import (
 	"github.com/pkg/errors"
+
 	crypto "github.com/tendermint/go-crypto"
+	"github.com/tendermint/go-crypto/bcrypt"
 )
 
 var (
@@ -16,45 +18,54 @@ var (
 //
 // This should use a well-designed symetric encryption algorithm
 type Encoder interface {
-	Encrypt(key crypto.PrivKey, pass string) ([]byte, error)
-	Decrypt(data []byte, pass string) (crypto.PrivKey, error)
-}
-
-func secret(passphrase string) []byte {
-	// TODO: Sha256(Bcrypt(passphrase))
-	return crypto.Sha256([]byte(passphrase))
+	Encrypt(privKey crypto.PrivKey, passphrase string) (saltBytes []byte, encBytes []byte, err error)
+	Decrypt(saltBytes []byte, encBytes []byte, passphrase string) (privKey crypto.PrivKey, err error)
 }
 
 type secretbox struct{}
 
-func (e secretbox) Encrypt(key crypto.PrivKey, pass string) ([]byte, error) {
-	if pass == "" {
-		return key.Bytes(), nil
+func (e secretbox) Encrypt(privKey crypto.PrivKey, passphrase string) (saltBytes []byte, encBytes []byte, err error) {
+	if passphrase == "" {
+		return nil, privKey.Bytes(), nil
+	}
+
+	saltBytes = crypto.CRandBytes(16)
+	key, err := bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), 14) // TODO parameterize.  14 is good today (2016)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "Couldn't generate bcrypt key from passphrase.")
 	}
-	s := secret(pass)
-	cipher := crypto.EncryptSymmetric(key.Bytes(), s)
-	return cipher, nil
+	key = crypto.Sha256(key) // Get 32 bytes
+	privKeyBytes := privKey.Bytes()
+	return saltBytes, crypto.EncryptSymmetric(privKeyBytes, key), nil
 }
 
-func (e secretbox) Decrypt(data []byte, pass string) (key crypto.PrivKey, err error) {
-	private := data
-	if pass != "" {
-		s := secret(pass)
-		private, err = crypto.DecryptSymmetric(data, s)
+func (e secretbox) Decrypt(saltBytes []byte, encBytes []byte, passphrase string) (privKey crypto.PrivKey, err error) {
+	privKeyBytes := encBytes
+	// NOTE: Some keys weren't encrypted with a passphrase and hence we have the conditional
+	if passphrase != "" {
+		key, err := bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), 14) // TODO parameterize.  14 is good today (2016)
 		if err != nil {
 			return crypto.PrivKey{}, errors.Wrap(err, "Invalid Passphrase")
 		}
+		key = crypto.Sha256(key) // Get 32 bytes
+		privKeyBytes, err = crypto.DecryptSymmetric(encBytes, key)
+		if err != nil {
+			return crypto.PrivKey{}, errors.Wrap(err, "Invalid Passphrase")
+		}
+	}
+	privKey, err = crypto.PrivKeyFromBytes(privKeyBytes)
+	if err != nil {
+		return crypto.PrivKey{}, errors.Wrap(err, "Couldn't get privKey from bytes")
 	}
-	key, err = crypto.PrivKeyFromBytes(private)
-	return key, errors.Wrap(err, "Invalid Passphrase")
+	return privKey, nil
 }
 
 type noop struct{}
 
-func (n noop) Encrypt(key crypto.PrivKey, pass string) ([]byte, error) {
-	return key.Bytes(), nil
+func (n noop) Encrypt(key crypto.PrivKey, passphrase string) (saltBytes []byte, encBytes []byte, err error) {
+	return []byte{}, key.Bytes(), nil
 }
 
-func (n noop) Decrypt(data []byte, pass string) (crypto.PrivKey, error) {
-	return crypto.PrivKeyFromBytes(data)
+func (n noop) Decrypt(saltBytes []byte, encBytes []byte, passphrase string) (privKey crypto.PrivKey, err error) {
+	return crypto.PrivKeyFromBytes(encBytes)
 }

keys/cryptostore/encoder_test.go

@@ -18,22 +18,22 @@ func TestNoopEncoder(t *testing.T) {
 	key := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
 	key2 := cryptostore.GenSecp256k1.Generate(cmn.RandBytes(16))
 
-	b, err := noop.Encrypt(key, "encode")
+	_, b, err := noop.Encrypt(key, "encode")
 	require.Nil(err)
 	assert.NotEmpty(b)
 
-	b2, err := noop.Encrypt(key2, "encode")
+	_, b2, err := noop.Encrypt(key2, "encode")
 	require.Nil(err)
 	assert.NotEmpty(b2)
 	assert.NotEqual(b, b2)
 
 	// note the decode with a different password works - not secure!
-	pk, err := noop.Decrypt(b, "decode")
+	pk, err := noop.Decrypt(nil, b, "decode")
 	require.Nil(err)
 	require.NotNil(pk)
 	assert.Equal(key, pk)
 
-	pk2, err := noop.Decrypt(b2, "kggugougp")
+	pk2, err := noop.Decrypt(nil, b2, "kggugougp")
 	require.Nil(err)
 	require.NotNil(pk2)
 	assert.Equal(key2, pk2)
@@ -46,17 +46,17 @@ func TestSecretBox(t *testing.T) {
 	key := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
 	pass := "some-special-secret"
 
-	b, err := enc.Encrypt(key, pass)
+	s, b, err := enc.Encrypt(key, pass)
 	require.Nil(err)
 	assert.NotEmpty(b)
 
 	// decoding with a different pass is an error
-	pk, err := enc.Decrypt(b, "decode")
+	pk, err := enc.Decrypt(s, b, "decode")
 	require.NotNil(err)
 	require.True(pk.Empty())
 
 	// but decoding with the same passphrase gets us our key
-	pk, err = enc.Decrypt(b, pass)
+	pk, err = enc.Decrypt(s, b, pass)
 	require.Nil(err)
 	assert.Equal(key, pk)
 }
@@ -80,11 +80,11 @@ func TestSecretBoxNoPass(t *testing.T) {
 	}
 
 	for i, tc := range cases {
-		b, err := enc.Encrypt(key, tc.encode)
+		s, b, err := enc.Encrypt(key, tc.encode)
 		require.Nil(err, "%d: %+v", i, err)
 		assert.NotEmpty(b, "%d", i)
 
-		pk, err := enc.Decrypt(b, tc.decode)
+		pk, err := enc.Decrypt(s, b, tc.decode)
 		if tc.valid {
 			require.Nil(err, "%d: %+v", i, err)
 			assert.Equal(key, pk, "%d", i)
@@ -95,7 +95,7 @@ func TestSecretBoxNoPass(t *testing.T) {
 
 	// now let's make sure raw bytes also work...
 	b := key.Bytes()
-	pk, err := enc.Decrypt(b, "")
+	pk, err := enc.Decrypt(nil, b, "")
 	require.Nil(err, "%+v", err)
 	assert.Equal(key, pk)
 }

keys/cryptostore/generator.go

@@ -2,6 +2,7 @@ package cryptostore
 
 import (
 	"github.com/pkg/errors"
+
 	crypto "github.com/tendermint/go-crypto"
 )
 

keys/cryptostore/holder.go

@@ -100,7 +100,7 @@ func (s Manager) List() (keys.Infos, error) {
 
 // Get returns the public information about one key
 func (s Manager) Get(name string) (keys.Info, error) {
-	_, info, err := s.es.store.Get(name)
+	_, _, info, err := s.es.store.Get(name)
 	return info, err
 }
 
@@ -124,21 +124,23 @@ func (s Manager) Sign(name, passphrase string, tx keys.Signable) error {
 //
 // This is designed to copy from one device to another, or provide backups
 // during version updates.
-func (s Manager) Export(name, oldpass, transferpass string) ([]byte, error) {
+// TODO: How to handle Export with salt?
+func (s Manager) Export(name, oldpass, transferpass string) (salt, data []byte, err error) {
 	key, _, err := s.es.Get(name, oldpass)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 
-	res, err := s.es.coder.Encrypt(key, transferpass)
-	return res, err
+	salt, data, err = s.es.coder.Encrypt(key, transferpass)
+	return salt, data, err
 }
 
 // Import accepts bytes generated by Export along with the same transferpass
-// If they are valid, it stores the password under the given name with the
+// If they are valid, it stores the key under the given name with the
 // new passphrase.
-func (s Manager) Import(name, newpass, transferpass string, data []byte) error {
-	key, err := s.es.coder.Decrypt(data, transferpass)
+// TODO: How to handle Import with salt?
+func (s Manager) Import(name, newpass, transferpass string, salt, data []byte) error {
+	key, err := s.es.coder.Decrypt(salt, data, transferpass)
 	if err != nil {
 		return err
 	}

keys/cryptostore/holder_test.go

@@ -168,7 +168,7 @@ func TestImportUnencrypted(t *testing.T) {
 	pass := "top-secret"
 
 	// import raw bytes
-	err := cstore.Import(name, pass, "", key.Bytes())
+	err := cstore.Import(name, pass, "", nil, key.Bytes())
 	require.Nil(err, "%+v", err)
 
 	// make sure the address matches
@@ -209,15 +209,15 @@ func TestAdvancedKeyManagement(t *testing.T) {
 	assertPassword(assert, cstore, n1, p2, p1)
 
 	// exporting requires the proper name and passphrase
-	_, err = cstore.Export(n2, p2, pt)
+	_, _, err = cstore.Export(n2, p2, pt)
 	assert.NotNil(err)
-	_, err = cstore.Export(n1, p1, pt)
+	_, _, err = cstore.Export(n1, p1, pt)
 	assert.NotNil(err)
-	exported, err := cstore.Export(n1, p2, pt)
+	salt, exported, err := cstore.Export(n1, p2, pt)
 	require.Nil(err, "%+v", err)
 
 	// import fails on bad transfer pass
-	err = cstore.Import(n2, p3, p2, exported)
+	err = cstore.Import(n2, p3, p2, salt, exported)
 	assert.NotNil(err)
 }
 

keys/cryptostore/storage_test.go

@@ -5,9 +5,9 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
-	crypto "github.com/tendermint/go-crypto"
 	cmn "github.com/tendermint/tmlibs/common"
 
+	crypto "github.com/tendermint/go-crypto"
 	keys "github.com/tendermint/go-crypto/keys"
 )
 

keys/storage.go

@@ -3,8 +3,8 @@ package keys
 // Storage has many implementation, based on security and sharing requirements
 // like disk-backed, mem-backed, vault, db, etc.
 type Storage interface {
-	Put(name string, key []byte, info Info) error
-	Get(name string) ([]byte, Info, error)
+	Put(name string, salt []byte, key []byte, info Info) error
+	Get(name string) (salt []byte, key []byte, info Info, err error)
 	List() (Infos, error)
 	Delete(name string) error
 }