@reegaviljoen/eldlock 0.1.0

package/eldlock-server/internal/libfido2/fido2_darwin.go

@@ -0,0 +1,7 @@
+package libfido2
+
+/*
+#cgo darwin pkg-config: libfido2
+#cgo darwin LDFLAGS: -framework CoreFoundation -framework IOKit
+*/
+import "C"

package/eldlock-server/internal/libfido2/fido2_other.go

@@ -0,0 +1,9 @@
+package libfido2
+
+/*
+#cgo linux LDFLAGS: -L/usr/lib/x86_64-linux-gnu -lfido2
+#cgo linux CFLAGS: -I/usr/include/fido
+#cgo windows LDFLAGS: -L${SRCDIR}/windows/lib -lfido2
+#cgo windows CFLAGS: -I${SRCDIR}/windows/include
+*/
+import "C"

package/eldlock-server/internal/libfido2/fido2_test.go

@@ -0,0 +1,101 @@
+package libfido2_test
+
+import (
+	"log"
+	"testing"
+	"time"
+
+	"github.com/keys-pub/go-libfido2"
+	"github.com/pkg/errors"
+	"github.com/stretchr/testify/require"
+)
+
+// TODO: It's important tests are run serially (a device can't handle concurrent requests).
+
+func TestDevices(t *testing.T) {
+	locs, err := libfido2.DeviceLocations()
+	require.NoError(t, err)
+	t.Logf("Found %d devices", len(locs))
+
+	for _, loc := range locs {
+		device, err := libfido2.NewDevice(loc.Path)
+		require.NoError(t, err)
+
+		isFIDO2, err := device.IsFIDO2()
+		require.NoError(t, err)
+		if !isFIDO2 {
+			continue
+		}
+
+		typ, err := device.Type()
+		require.NoError(t, err)
+		require.Equal(t, libfido2.FIDO2, typ)
+
+		// Testing info twice (hid_osx issues in the past caused a delayed 2nd request to fail).
+		info, err := device.Info()
+		require.NoError(t, err)
+		time.Sleep(time.Millisecond * 100)
+
+		info, err = device.Info()
+		require.NoError(t, err)
+		t.Logf("Info: %+v", info)
+	}
+}
+
+func TestDeviceAssertionCancel(t *testing.T) {
+	locs, err := libfido2.DeviceLocations()
+	require.NoError(t, err)
+	if len(locs) == 0 {
+		t.Skip("No devices")
+	}
+
+	t.Logf("Using device: %+v\n", locs[0])
+	path := locs[0].Path
+	device, err := libfido2.NewDevice(path)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	cdh := libfido2.RandBytes(32)
+	userID := libfido2.RandBytes(32)
+	salt := libfido2.RandBytes(32)
+	pin := "12345"
+
+	t.Logf("Make credential\n")
+	attest, err := device.MakeCredential(
+		cdh,
+		libfido2.RelyingParty{
+			ID: "keys.pub",
+		},
+		libfido2.User{
+			ID:   userID,
+			Name: "gabriel",
+		},
+		libfido2.ES256, // Algorithm
+		pin,
+		&libfido2.MakeCredentialOpts{
+			Extensions: []libfido2.Extension{libfido2.HMACSecretExtension},
+			RK:         libfido2.True,
+		},
+	)
+	require.NoError(t, err)
+
+	go func() {
+		time.Sleep(time.Second * 2)
+		t.Logf("Cancel")
+		device.Cancel()
+	}()
+
+	_, err = device.Assertion(
+		"keys.pub",
+		cdh,
+		[][]byte{attest.CredentialID},
+		pin,
+		&libfido2.AssertionOpts{
+			Extensions: []libfido2.Extension{libfido2.HMACSecretExtension},
+			UP:         libfido2.True,
+			HMACSalt:   salt,
+		},
+	)
+	require.EqualError(t, errors.Cause(err), "keep alive cancel")
+}

package/eldlock-server/internal/libfido2/go.mod

@@ -0,0 +1,10 @@
+module github.com/keys-pub/go-libfido2
+
+go 1.13
+
+require (
+	github.com/davecgh/go-spew v1.1.0
+	github.com/pkg/errors v0.9.1
+	github.com/stretchr/testify v1.5.1
+	golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a
+)

package/eldlock-server/internal/libfido2/go.sum

@@ -0,0 +1,16 @@
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a h1:WXEvlFVvvGxCJLG6REjsT03iWnKLEWinaScsxF2Vm2o=
+golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

package/eldlock-server/internal/libfido2/log.go

@@ -0,0 +1,87 @@
+package libfido2
+
+import (
+	pkglog "log"
+)
+
+var logger = NewLogger(ErrLevel)
+
+// SetLogger sets logger for the package.
+func SetLogger(l Logger) {
+	logger = l
+}
+
+// Logger interface used in this package.
+type Logger interface {
+	Debugf(format string, args ...interface{})
+	Infof(format string, args ...interface{})
+	Warningf(format string, args ...interface{})
+	Errorf(format string, args ...interface{})
+	Fatalf(format string, args ...interface{})
+}
+
+// LogLevel ...
+type LogLevel int
+
+const (
+	// DebugLevel ...
+	DebugLevel LogLevel = 3
+	// InfoLevel ...
+	InfoLevel LogLevel = 2
+	// WarnLevel ...
+	WarnLevel LogLevel = 1
+	// ErrLevel ...
+	ErrLevel LogLevel = 0
+)
+
+// NewLogger ...
+func NewLogger(lev LogLevel) Logger {
+	return &defaultLog{Level: lev}
+}
+
+func (l LogLevel) String() string {
+	switch l {
+	case DebugLevel:
+		return "debug"
+	case InfoLevel:
+		return "info"
+	case WarnLevel:
+		return "warn"
+	case ErrLevel:
+		return "err"
+	default:
+		return ""
+	}
+}
+
+type defaultLog struct {
+	Level LogLevel
+}
+
+func (l defaultLog) Debugf(format string, args ...interface{}) {
+	if l.Level >= 3 {
+		pkglog.Printf("[DEBG] "+format+"\n", args...)
+	}
+}
+
+func (l defaultLog) Infof(format string, args ...interface{}) {
+	if l.Level >= 2 {
+		pkglog.Printf("[INFO] "+format+"\n", args...)
+	}
+}
+
+func (l defaultLog) Warningf(format string, args ...interface{}) {
+	if l.Level >= 1 {
+		pkglog.Printf("[WARN] "+format+"\n", args...)
+	}
+}
+
+func (l defaultLog) Errorf(format string, args ...interface{}) {
+	if l.Level >= 0 {
+		pkglog.Printf("[ERR]  "+format+"\n", args...)
+	}
+}
+
+func (l defaultLog) Fatalf(format string, args ...interface{}) {
+	pkglog.Fatalf(format, args...)
+}

package/eldlock-server/internal/store/README.md

@@ -0,0 +1,7 @@
+# Store
+
+Local encrypted vault.
+
+The vault file lives on the user's machine and should not require a hosted Eldlock service to function.
+
+Current implementation note: the 0.1 preview uses an encrypted JSON envelope. Eldlock should avoid SQL/SQLite for vault storage so SQL injection is not part of the storage threat model. The envelope uses HKDF-SHA256 plus AES-256-GCM, with key material requested from the configured passkey provider for every vault create, read, add, list, and remove operation.

package/eldlock-server/internal/store/store.go

@@ -0,0 +1,434 @@
+package store
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/hkdf"
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"sort"
+	"sync"
+	"time"
+
+	"github.com/eldlock/eldlock-server/internal/yubikey"
+)
+
+var (
+	ErrNotFound = errors.New("secret not found")
+)
+
+type SecretType string
+
+const (
+	SecretTypeEnv SecretType = "env"
+	SecretTypeSSH SecretType = "ssh"
+)
+
+type Secret struct {
+	Name      string     `json:"name"`
+	Type      SecretType `json:"type"`
+	Value     string     `json:"value"`
+	CreatedAt time.Time  `json:"created_at"`
+	UpdatedAt time.Time  `json:"updated_at"`
+}
+
+type SecretSummary struct {
+	Name      string     `json:"name"`
+	Type      SecretType `json:"type"`
+	CreatedAt time.Time  `json:"created_at"`
+	UpdatedAt time.Time  `json:"updated_at"`
+}
+
+type KeyProvider interface {
+	CreateKeyMaterial(operation string, salt []byte) ([]byte, map[string]string, error)
+	OpenKeyMaterial(operation string, salt []byte, metadata map[string]string) ([]byte, error)
+}
+
+type FileStore struct {
+	path        string
+	keyProvider KeyProvider
+	mu          sync.Mutex
+}
+
+func NewFileStore(path string, keyProvider KeyProvider) *FileStore {
+	return &FileStore{path: path, keyProvider: keyProvider}
+}
+
+func (s *FileStore) Init() error {
+	return s.InitWithPIN("")
+}
+
+func (s *FileStore) InitWithPIN(pin string) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	keyProvider := s.keyProviderWithPIN(pin)
+	if err := ensureProvider(keyProvider); err != nil {
+		return err
+	}
+	if _, err := os.Stat(s.path); err == nil {
+		return nil
+	} else if !errors.Is(err, os.ErrNotExist) {
+		return fmt.Errorf("stat store: %w", err)
+	}
+
+	salt, err := randomBytes(32)
+	if err != nil {
+		return fmt.Errorf("generate vault salt: %w", err)
+	}
+	material, metadata, err := keyProvider.CreateKeyMaterial("init", salt)
+	if err != nil {
+		return fmt.Errorf("passkey init: %w", err)
+	}
+	key, err := deriveKey(material, salt)
+	if err != nil {
+		return err
+	}
+
+	return s.saveEncrypted(diskData{Secrets: map[string]Secret{}}, vaultEnvelope{Version: 1, Salt: encode(salt), Passkey: metadata}, key)
+}
+
+func (s *FileStore) IsInitialized() (bool, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	if _, err := os.Stat(s.path); err == nil {
+		return true, nil
+	} else if errors.Is(err, os.ErrNotExist) {
+		return false, nil
+	} else {
+		return false, fmt.Errorf("stat store: %w", err)
+	}
+}
+
+func (s *FileStore) Put(secret Secret) error {
+	return s.PutWithPIN(secret, "")
+}
+
+func (s *FileStore) PutWithPIN(secret Secret, pin string) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	data, envelope, key, err := s.loadUnlocked("put", pin)
+	if err != nil {
+		return err
+	}
+
+	now := time.Now().UTC()
+	if existing, ok := data.Secrets[secret.Name]; ok {
+		secret.CreatedAt = existing.CreatedAt
+	} else {
+		secret.CreatedAt = now
+	}
+	secret.UpdatedAt = now
+	data.Secrets[secret.Name] = secret
+
+	return s.saveEncrypted(data, envelope, key)
+}
+
+func (s *FileStore) PutManyWithPIN(secrets []Secret, pin string) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	data, envelope, key, err := s.loadUnlocked("import", pin)
+	if err != nil {
+		return err
+	}
+
+	now := time.Now().UTC()
+	for _, secret := range secrets {
+		if existing, ok := data.Secrets[secret.Name]; ok {
+			secret.CreatedAt = existing.CreatedAt
+		} else {
+			secret.CreatedAt = now
+		}
+		secret.UpdatedAt = now
+		data.Secrets[secret.Name] = secret
+	}
+
+	return s.saveEncrypted(data, envelope, key)
+}
+
+func (s *FileStore) Get(name string) (Secret, error) {
+	return s.GetWithPIN(name, "")
+}
+
+func (s *FileStore) GetWithPIN(name string, pin string) (Secret, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	data, _, _, err := s.loadUnlocked("get", pin)
+	if err != nil {
+		return Secret{}, err
+	}
+	secret, ok := data.Secrets[name]
+	if !ok {
+		return Secret{}, ErrNotFound
+	}
+	return secret, nil
+}
+
+func (s *FileStore) Delete(name string) error {
+	return s.DeleteWithPIN(name, "")
+}
+
+func (s *FileStore) DeleteWithPIN(name string, pin string) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	data, envelope, key, err := s.loadUnlocked("delete", pin)
+	if err != nil {
+		return err
+	}
+	if _, ok := data.Secrets[name]; !ok {
+		return ErrNotFound
+	}
+	delete(data.Secrets, name)
+
+	return s.saveEncrypted(data, envelope, key)
+}
+
+func (s *FileStore) List() ([]SecretSummary, error) {
+	return s.ListWithPIN("")
+}
+
+func (s *FileStore) ListWithPIN(pin string) ([]SecretSummary, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	data, _, _, err := s.loadUnlocked("list", pin)
+	if err != nil {
+		return nil, err
+	}
+
+	summaries := make([]SecretSummary, 0, len(data.Secrets))
+	for _, secret := range data.Secrets {
+		summaries = append(summaries, SecretSummary{
+			Name:      secret.Name,
+			Type:      secret.Type,
+			CreatedAt: secret.CreatedAt,
+			UpdatedAt: secret.UpdatedAt,
+		})
+	}
+	sort.Slice(summaries, func(i, j int) bool {
+		return summaries[i].Name < summaries[j].Name
+	})
+
+	return summaries, nil
+}
+
+func (s *FileStore) Env() (map[string]string, error) {
+	return s.EnvWithPIN("")
+}
+
+func (s *FileStore) EnvWithPIN(pin string) (map[string]string, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	data, _, _, err := s.loadUnlocked("exec", pin)
+	if err != nil {
+		return nil, err
+	}
+
+	env := make(map[string]string)
+	for _, secret := range data.Secrets {
+		if secret.Type == SecretTypeEnv {
+			env[secret.Name] = secret.Value
+		}
+	}
+	return env, nil
+}
+
+type diskData struct {
+	Secrets map[string]Secret `json:"secrets"`
+}
+
+type vaultEnvelope struct {
+	Version    int               `json:"version"`
+	KDF        string            `json:"kdf"`
+	AEAD       string            `json:"aead"`
+	Salt       string            `json:"salt"`
+	Passkey    map[string]string `json:"passkey"`
+	Nonce      string            `json:"nonce"`
+	Ciphertext string            `json:"ciphertext"`
+}
+
+func (s *FileStore) loadUnlocked(operation string, pin string) (diskData, vaultEnvelope, []byte, error) {
+	keyProvider := s.keyProviderWithPIN(pin)
+	if err := ensureProvider(keyProvider); err != nil {
+		return diskData{}, vaultEnvelope{}, nil, err
+	}
+	envelope, err := s.loadEnvelope()
+	if err != nil {
+		return diskData{}, vaultEnvelope{}, nil, err
+	}
+	salt, err := decode(envelope.Salt)
+	if err != nil {
+		return diskData{}, vaultEnvelope{}, nil, fmt.Errorf("decode vault salt: %w", err)
+	}
+	material, err := keyProvider.OpenKeyMaterial(operation, salt, envelope.Passkey)
+	if err != nil {
+		return diskData{}, vaultEnvelope{}, nil, err
+	}
+	key, err := deriveKey(material, salt)
+	if err != nil {
+		return diskData{}, vaultEnvelope{}, nil, err
+	}
+	data, err := decryptData(envelope, key)
+	if err != nil {
+		return diskData{}, vaultEnvelope{}, nil, err
+	}
+	return data, envelope, key, nil
+}
+
+func (s *FileStore) loadEnvelope() (vaultEnvelope, error) {
+	raw, err := os.ReadFile(s.path)
+	if err != nil {
+		return vaultEnvelope{}, fmt.Errorf("read store: %w", err)
+	}
+
+	var envelope vaultEnvelope
+	if err := json.Unmarshal(raw, &envelope); err != nil {
+		return vaultEnvelope{}, fmt.Errorf("decode encrypted store envelope: %w", err)
+	}
+	if envelope.Version != 1 {
+		return vaultEnvelope{}, fmt.Errorf("unsupported vault version %d", envelope.Version)
+	}
+	if envelope.KDF != "hkdf-sha256" || envelope.AEAD != "aes-256-gcm" {
+		return vaultEnvelope{}, errors.New("unsupported vault crypto parameters")
+	}
+	if envelope.Salt == "" || envelope.Nonce == "" || envelope.Ciphertext == "" || envelope.Passkey == nil {
+		return vaultEnvelope{}, errors.New("invalid encrypted vault envelope")
+	}
+
+	return envelope, nil
+}
+
+func (s *FileStore) saveEncrypted(data diskData, envelope vaultEnvelope, key []byte) error {
+	if data.Secrets == nil {
+		data.Secrets = map[string]Secret{}
+	}
+	if err := os.MkdirAll(filepath.Dir(s.path), 0o700); err != nil {
+		return fmt.Errorf("create store directory: %w", err)
+	}
+
+	next, err := encryptData(data, envelope, key)
+	if err != nil {
+		return err
+	}
+	raw, err := json.MarshalIndent(next, "", "  ")
+	if err != nil {
+		return fmt.Errorf("encode encrypted store: %w", err)
+	}
+	raw = append(raw, '\n')
+
+	return os.WriteFile(s.path, raw, 0o600)
+}
+
+func deriveKey(material []byte, salt []byte) ([]byte, error) {
+	if len(material) < 32 {
+		return nil, errors.New("passkey material must be at least 32 bytes")
+	}
+	key, err := hkdf.Key(sha256.New, material, salt, "eldlock vault encryption v1", 32)
+	if err != nil {
+		return nil, fmt.Errorf("derive vault key: %w", err)
+	}
+	return key, nil
+}
+
+func (s *FileStore) keyProviderWithPIN(pin string) KeyProvider {
+	if pin == "" {
+		return s.keyProvider
+	}
+	if provider, ok := s.keyProvider.(yubikey.PINProvider); ok {
+		return provider.WithPIN(pin)
+	}
+	return s.keyProvider
+}
+
+func ensureProvider(keyProvider KeyProvider) error {
+	if keyProvider == nil {
+		return errors.New("passkey provider is not configured")
+	}
+	return nil
+}
+
+func encryptData(data diskData, envelope vaultEnvelope, key []byte) (vaultEnvelope, error) {
+	plaintext, err := json.Marshal(data)
+	if err != nil {
+		return vaultEnvelope{}, fmt.Errorf("encode vault plaintext: %w", err)
+	}
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return vaultEnvelope{}, fmt.Errorf("create AES cipher: %w", err)
+	}
+	aead, err := cipher.NewGCM(block)
+	if err != nil {
+		return vaultEnvelope{}, fmt.Errorf("create GCM: %w", err)
+	}
+	nonce, err := randomBytes(aead.NonceSize())
+	if err != nil {
+		return vaultEnvelope{}, fmt.Errorf("generate nonce: %w", err)
+	}
+
+	envelope.Version = 1
+	envelope.KDF = "hkdf-sha256"
+	envelope.AEAD = "aes-256-gcm"
+	envelope.Nonce = encode(nonce)
+	envelope.Ciphertext = encode(aead.Seal(nil, nonce, plaintext, []byte("eldlock-vault-v1")))
+	return envelope, nil
+}
+
+func decryptData(envelope vaultEnvelope, key []byte) (diskData, error) {
+	nonce, err := decode(envelope.Nonce)
+	if err != nil {
+		return diskData{}, fmt.Errorf("decode vault nonce: %w", err)
+	}
+	ciphertext, err := decode(envelope.Ciphertext)
+	if err != nil {
+		return diskData{}, fmt.Errorf("decode vault ciphertext: %w", err)
+	}
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return diskData{}, fmt.Errorf("create AES cipher: %w", err)
+	}
+	aead, err := cipher.NewGCM(block)
+	if err != nil {
+		return diskData{}, fmt.Errorf("create GCM: %w", err)
+	}
+	plaintext, err := aead.Open(nil, nonce, ciphertext, []byte("eldlock-vault-v1"))
+	if err != nil {
+		return diskData{}, errors.New("decrypt vault: passkey rejected or vault data changed")
+	}
+
+	var data diskData
+	if err := json.Unmarshal(plaintext, &data); err != nil {
+		return diskData{}, fmt.Errorf("decode vault plaintext: %w", err)
+	}
+	if data.Secrets == nil {
+		data.Secrets = map[string]Secret{}
+	}
+	return data, nil
+}
+
+func randomBytes(size int) ([]byte, error) {
+	buf := make([]byte, size)
+	if _, err := rand.Read(buf); err != nil {
+		return nil, err
+	}
+	return buf, nil
+}
+
+func encode(value []byte) string {
+	return base64.RawStdEncoding.EncodeToString(value)
+}
+
+func decode(value string) ([]byte, error) {
+	return base64.RawStdEncoding.DecodeString(value)
+}