Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Move passphrase logic from CryptoUtil to dedicated class for type-checking #5600

Merged

Conversation

nabla-c0d3
Copy link
Contributor

@nabla-c0d3 nabla-c0d3 commented Oct 24, 2020

Status

Ready.

Description of Changes

Rather than fixing #5599 in a single PR which would require a lot of changes, this PR extracts the logic related to generating passphrases from the CryptoUtil class in order to:

  1. Provide an example of the solution I described in CryptoUtil code is not type-checked due to dynamic lookup/usage #5599 to move away from current_app.crypto_util (which prevents proper type-checking and code analysis). To keep this PR small I only changed the code for generating passphrases within CryptoUtil, instead of trying to fix all of CryptoUtil. Hence this PR is mainly about replacing current_app.crypto_util.genrandomid() with PassphrasesGenerator.get_default().generate_passphrase().

  2. Refactor and clarify all code related to passphrases. For example the passphrase are sometimes called codename, secret, randomid, etc. in the code, which can be confusing when first looking at the code base. I introduced a DicewarePassphrase type to help clarify.

  3. Consolidate the logic of managing words list and passphrases (and the related tests) into a single class; most of the logic was in CryptoUtil, but not all of it as can be seen in this PR.

If the approach I took with this PR (mainly replacing current_app.crypto_util.genrandomid() with PassphrasesGenerator.get_default().generate_passphrase()) is approved, I can do the same for the rest of the CryptoUtil code.

@nabla-c0d3 nabla-c0d3 force-pushed the refactor-passphrases-generation branch 2 times, most recently from 2eafa4b to 8ff3973 Compare October 24, 2020 23:38
@nabla-c0d3 nabla-c0d3 changed the title Move passphrase logic from CryptoUtil to dedicated class Move passphrase logic from CryptoUtil to dedicated class for type-checking Oct 25, 2020
@nabla-c0d3 nabla-c0d3 marked this pull request as ready for review October 25, 2020 01:22
Copy link
Contributor

@rmol rmol left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great work. I have a lot of comments and questions, but that's because of what's being changed, more than how. This is already cleaner, and I'm excited about getting this merged and moving on to CryptoUtil itself.

Again, just because of what it's touching, we're going to have at least one other reviewer take a look, so hold off on making any changes until they weigh in. Please do respond with any thoughts you have on my review though.

Thanks again for your contributions.

securedrop/journalist_app/utils.py Show resolved Hide resolved
securedrop/manage.py Show resolved Hide resolved
securedrop/crypto_util.py Show resolved Hide resolved
securedrop/models.py Show resolved Hide resolved
securedrop/passphrases.py Outdated Show resolved Hide resolved
securedrop/passphrases.py Outdated Show resolved Hide resolved
securedrop/source_app/forms.py Outdated Show resolved Hide resolved
securedrop/tests/test_passphrases.py Outdated Show resolved Hide resolved
securedrop/tests/test_source.py Outdated Show resolved Hide resolved
securedrop/tests/test_source.py Show resolved Hide resolved
@rmol
Copy link
Contributor

rmol commented Dec 3, 2020

This will unfortunately need to be rebased before it can be thoroughly tested.

@nabla-c0d3 nabla-c0d3 force-pushed the refactor-passphrases-generation branch 3 times, most recently from fad32e6 to 206c0bc Compare December 5, 2020 20:45
securedrop/passphrases.py Outdated Show resolved Hide resolved
@nabla-c0d3 nabla-c0d3 force-pushed the refactor-passphrases-generation branch from 206c0bc to d7d280b Compare December 5, 2020 21:36
@codecov-io
Copy link

codecov-io commented Dec 5, 2020

Codecov Report

Merging #5600 (1df827c) into develop (5a9e8fc) will increase coverage by 0.06%.
The diff coverage is 97.70%.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop    #5600      +/-   ##
===========================================
+ Coverage    85.32%   85.38%   +0.06%     
===========================================
  Files           50       51       +1     
  Lines         3679     3709      +30     
  Branches       460      464       +4     
===========================================
+ Hits          3139     3167      +28     
- Misses         440      441       +1     
- Partials       100      101       +1     
Impacted Files Coverage Δ
securedrop/journalist_app/__init__.py 93.26% <ø> (ø)
securedrop/journalist_app/utils.py 86.97% <ø> (-0.53%) ⬇️
securedrop/models.py 92.20% <ø> (-0.04%) ⬇️
securedrop/sdconfig.py 75.00% <ø> (-0.44%) ⬇️
securedrop/source_app/__init__.py 100.00% <ø> (ø)
securedrop/passphrases.py 96.87% <96.87%> (ø)
securedrop/crypto_util.py 90.57% <100.00%> (-1.04%) ⬇️
securedrop/journalist_app/account.py 95.00% <100.00%> (+0.17%) ⬆️
securedrop/journalist_app/admin.py 92.67% <100.00%> (+0.11%) ⬆️
securedrop/manage.py 77.25% <100.00%> (+0.07%) ⬆️
... and 4 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5a9e8fc...1df827c. Read the comment docs.

@nabla-c0d3
Copy link
Contributor Author

This should be ready for another review; I think I took care of all the feedback 👍

securedrop/passphrases.py Outdated Show resolved Hide resolved
shortest_word,
self._PASSPHRASE_WORDS_COUNT,
)
)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See the comment above about Diceware entropy.

securedrop/tests/test_source.py Show resolved Hide resolved
@nabla-c0d3 nabla-c0d3 force-pushed the refactor-passphrases-generation branch from d7d280b to 1df827c Compare December 9, 2020 05:34
@nabla-c0d3
Copy link
Contributor Author

Ok thanks for looking into the Diceware questions. I changed the minimum word list size to 7300 and the minimum size of each word to 2.

@emkll emkll self-requested a review December 9, 2020 17:21
Copy link
Contributor

@emkll emkll left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @nabla-c0d3 for these changes and @rmol for the thorough review. Changes here look good to me, one minor nit re: a no-longer-accurate comment (inline), due to changes introduced during the PR review. Happy to append a commit to this branch if you'd like.

Thanks again your many contributions to SecureDrop, @nabla-c0d3 !

securedrop/passphrases.py Outdated Show resolved Hide resolved
Move passphrase logic from CryptoUtil to PassphrasesGenerator

Move passphrase logic from CryptoUtil to PassphrasesGenerator

Re-add generate test

Ensure passphrases are random

Fix pylint false positive

Fix test

Rename to PassphraseGenerator

Address feedback from review

Fix flake8

Fix test

Allow non-perfect word lists and re-enable french word list

Update test parameters

Bump minimum word count to 6000

Fix test

Tweak word lists requirements

Fix docstring
@nabla-c0d3 nabla-c0d3 force-pushed the refactor-passphrases-generation branch from 1df827c to 0269f6f Compare December 12, 2020 02:56
@nabla-c0d3
Copy link
Contributor Author

Thanks @nabla-c0d3 for these changes and @rmol for the thorough review. Changes here look good to me, one minor nit re: a no-longer-accurate comment (inline), due to changes introduced during the PR review. Happy to append a commit to this branch if you'd like.

Thanks again your many contributions to SecureDrop, @nabla-c0d3 !

No problem! I fixed the comment just now.

@rmol rmol merged commit c0415ea into freedomofpress:develop Dec 14, 2020
@eloquence eloquence added this to the 1.7.0 milestone Jan 5, 2021
@nabla-c0d3 nabla-c0d3 deleted the refactor-passphrases-generation branch September 25, 2021 04:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants