Hash password before using it (#1306)

status-im · Dec 10, 2018 · 56ac39a · 56ac39a
1 parent 7cf33c6
commit 56ac39a
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 14 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.17.7-beta
+0.17.8-beta
diff --git a/services/shhext/chat/sql_lite_persistence.go b/services/shhext/chat/sql_lite_persistence.go
@@ -53,7 +53,7 @@ func NewSQLLitePersistence(path string, key string) (*SQLLitePersistence, error)
 	return s, nil
 }
 
-func MigrateDBFile(oldPath string, newPath string, key string) error {
+func MigrateDBFile(oldPath string, newPath string, oldKey string, newKey string) error {
 	_, err := os.Stat(oldPath)
 
 	// No files, nothing to do
@@ -70,13 +70,12 @@ func MigrateDBFile(oldPath string, newPath string, key string) error {
 		return err
 	}
 
-	// Migrate dev/nightly builds which used ON as a key for debugging
-	db, err := openDB(newPath, "ON")
+	db, err := openDB(newPath, oldKey)
 	if err != nil {
 		return err
 	}
 
-	keyString := fmt.Sprintf("PRAGMA rekey=%s", key)
+	keyString := fmt.Sprintf("PRAGMA rekey = '%s'", newKey)
 
 	if _, err = db.Exec(keyString); err != nil {
 		return err
@@ -92,7 +91,7 @@ func openDB(path string, key string) (*sql.DB, error) {
 		return nil, err
 	}
 
-	keyString := fmt.Sprintf("PRAGMA key=%s", key)
+	keyString := fmt.Sprintf("PRAGMA key = '%s'", key)
 
 	// Disable concurrent access as not supported by the driver
 	db.SetMaxOpenConns(1)

diff --git a/services/shhext/service.go b/services/shhext/service.go
@@ -8,6 +8,7 @@ import (
 	"path/filepath"
 
 	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/crypto/sha3"
 	"github.com/ethereum/go-ethereum/node"
 	"github.com/ethereum/go-ethereum/p2p"
 	"github.com/ethereum/go-ethereum/p2p/enode"
@@ -108,17 +109,28 @@ func (s *Service) InitProtocol(address string, password string) error {
 		return nil
 	}
 
+	digest := sha3.Sum256([]byte(password))
+	hashedPassword := fmt.Sprintf("%x", digest)
+
 	if err := os.MkdirAll(filepath.Clean(s.dataDir), os.ModePerm); err != nil {
 		return err
 	}
-	oldPath := filepath.Join(s.dataDir, fmt.Sprintf("%x.db", address))
-	newPath := filepath.Join(s.dataDir, fmt.Sprintf("%s.db", s.installationID))
+	v0Path := filepath.Join(s.dataDir, fmt.Sprintf("%x.db", address))
+	v1Path := filepath.Join(s.dataDir, fmt.Sprintf("%s.db", s.installationID))
+	v2Path := filepath.Join(s.dataDir, fmt.Sprintf("%s.v2.db", s.installationID))
 
-	if err := chat.MigrateDBFile(oldPath, newPath, password); err != nil {
+	if err := chat.MigrateDBFile(v0Path, v1Path, "ON", password); err != nil {
 		return err
 	}
 
-	persistence, err := chat.NewSQLLitePersistence(newPath, password)
+	if err := chat.MigrateDBFile(v1Path, v2Path, password, hashedPassword); err != nil {
+		// Remove db file as created with a blank password and never used,
+		// and there's no need to rekey in this case
+		os.Remove(v1Path)
+		os.Remove(v2Path)
+	}
+
+	persistence, err := chat.NewSQLLitePersistence(v2Path, hashedPassword)
 	if err != nil {
 		return err
 	}

diff --git a/services/shhext/service_test.go b/services/shhext/service_test.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"io/ioutil"
 	"math"
 	"os"
 	"testing"
@@ -72,6 +73,10 @@ func (s *ShhExtSuite) SetupTest() {
 	s.nodes = make([]*node.Node, 2)
 	s.services = make([]*Service, 2)
 	s.whisper = make([]*whisper.Whisper, 2)
+
+	directory, err := ioutil.TempDir("", "status-go-testing")
+	s.Require().NoError(err)
+
 	for i := range s.nodes {
 		i := i // bind i to be usable in service constructors
 		cfg := &node.Config{
@@ -88,11 +93,12 @@ func (s *ShhExtSuite) SetupTest() {
 		s.NoError(stack.Register(func(n *node.ServiceContext) (node.Service, error) {
 			return s.whisper[i], nil
 		}))
+
 		config := &ServiceConfig{
 			InstallationID:          "1",
-			DataDir:                 os.TempDir(),
+			DataDir:                 directory,
 			Debug:                   true,
-			PFSEnabled:              false,
+			PFSEnabled:              true,
 			MailServerConfirmations: true,
 			ConnectionTarget:        10,
 		}
@@ -106,6 +112,11 @@ func (s *ShhExtSuite) SetupTest() {
 	s.services[0].tracker.handler = newHandlerMock(1)
 }
 
+func (s *ShhExtSuite) TestInitProtocol() {
+	err := s.services[0].InitProtocol("example-address", "`090///\nhtaa\rhta9x8923)$$'23")
+	s.NoError(err)
+}
+
 func (s *ShhExtSuite) TestPostMessageWithConfirmation() {
 	mock := newHandlerMock(1)
 	s.services[0].tracker.handler = mock
@@ -184,7 +195,7 @@ func (s *ShhExtSuite) TestRequestMessagesErrors() {
 		InstallationID: "1",
 		DataDir:        os.TempDir(),
 		Debug:          false,
-		PFSEnabled:     false,
+		PFSEnabled:     true,
 	}
 	service := New(shh, mock, nil, config)
 	api := NewPublicAPI(service)
@@ -250,7 +261,7 @@ func (s *ShhExtSuite) TestRequestMessagesSuccess() {
 		InstallationID: "1",
 		DataDir:        os.TempDir(),
 		Debug:          false,
-		PFSEnabled:     false,
+		PFSEnabled:     true,
 	}
 	service := New(shh, mock, nil, config)
 	s.Require().NoError(service.Start(aNode.Server()))