Merge pull request #162 from maxlaverse/add_support_for_argon2
Add support for argon2
maxlaverse authored Oct 1, 2024
2 parents 80f1e36 + 95076c9 commit 97fb684
Showing 11 changed files with 329 additions and 79 deletions.
24 changes: 16 additions & 8 deletions internal/bitwarden/crypto/keybuilder/prelogin_key.go
Expand Up @@ -2,19 +2,27 @@ package keybuilder

import (
"crypto/sha256"
"fmt"

"github.com/maxlaverse/terraform-provider-bitwarden/internal/bitwarden/crypto/symmetrickey"
"github.com/maxlaverse/terraform-provider-bitwarden/internal/bitwarden/models"
"golang.org/x/crypto/argon2"
"golang.org/x/crypto/pbkdf2"
)

const (
PBKDF2_SHA256 = 0
)

func BuildPreloginKey(masterPassword, email string, kdfIteration int) (*symmetrickey.Key, error) {
return buildKey(masterPassword, email, PBKDF2_SHA256, kdfIteration)
func BuildPreloginKey(masterPassword, email string, kdfConfig models.KdfConfiguration) (*symmetrickey.Key, error) {
return buildKey(masterPassword, email, kdfConfig)
}

func buildKey(masterPassword, salt string, kdf, iterations int) (*symmetrickey.Key, error) {
return symmetrickey.NewFromRawBytes(pbkdf2.Key([]byte(masterPassword), []byte(salt), iterations, 32, sha256.New))
func buildKey(masterPassword, salt string, kdfConfig models.KdfConfiguration) (*symmetrickey.Key, error) {
switch kdfConfig.KdfType {
case models.KdfTypePBKDF2_SHA256:
return symmetrickey.NewFromRawBytes(pbkdf2.Key([]byte(masterPassword), []byte(salt), kdfConfig.KdfIterations, 32, sha256.New))
case models.KdfTypeArgon2:
hashedSalt := sha256.New()
hashedSalt.Write([]byte(salt))
return symmetrickey.NewFromRawBytes(argon2.IDKey([]byte(masterPassword), hashedSalt.Sum(nil), uint32(kdfConfig.KdfIterations), uint32(kdfConfig.KdfMemory*1024), uint8(kdfConfig.KdfParallelism), 32))
default:
return nil, fmt.Errorf("unsupported KDF: '%d'", kdfConfig.KdfType)
}
}
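Review bot: The argon2 branch narrows signed ints at `uint32(kdfConfig.KdfIterations)`, `uint32(kdfConfig.KdfMemory*1024)` and `uint8(kdfConfig.KdfParallelism)` without a range check, so a negative or oversized value in the account's KDF configuration wraps silently (a parallelism of 256 becomes 0), and argon2.IDKey panics on a zero time or threads value instead of returning an error through the existing `(*symmetrickey.Key, error)` path. The PBKDF2 case has the same gap for `KdfIterations <= 0`, which quietly derives a single-round key rather than failing. Since these parameters arrive with the account data rather than from code, I would validate them before the switch, using `math.MaxUint32`/`math.MaxUint8` for the bounds (which adds `"math"` to the import block); whether `models.KdfConfiguration` already enforces minimum work factors elsewhere I cannot tell from this hunk. The `*1024` also deserves a comment such as `// KdfMemory is in MiB; argon2 expects KiB`, inferred from the multiplication but not confirmed against the caller.
```go
func buildKey(masterPassword, salt string, kdfConfig models.KdfConfiguration) (*symmetrickey.Key, error) {
	if kdfConfig.KdfIterations < 1 || int64(kdfConfig.KdfIterations) > math.MaxUint32 {
		return nil, fmt.Errorf("invalid KDF iteration count: %d", kdfConfig.KdfIterations)
	}
	switch kdfConfig.KdfType {
	// … unchanged: PBKDF2 case …
	case models.KdfTypeArgon2:
		// argon2.IDKey panics on time == 0 or threads == 0, and the narrowing
		// conversions below wrap silently, so bound the parameters first.
		if kdfConfig.KdfMemory < 1 || kdfConfig.KdfMemory > math.MaxUint32/1024 ||
			kdfConfig.KdfParallelism < 1 || kdfConfig.KdfParallelism > math.MaxUint8 {
			return nil, fmt.Errorf("argon2 parameters out of range: memory=%d parallelism=%d", kdfConfig.KdfMemory, kdfConfig.KdfParallelism)
		}
		hashedSalt := sha256.Sum256([]byte(salt))
		// KdfMemory is in MiB; argon2 expects KiB.
		return symmetrickey.NewFromRawBytes(argon2.IDKey([]byte(masterPassword), hashedSalt[:], uint32(kdfConfig.KdfIterations), uint32(kdfConfig.KdfMemory*1024), uint8(kdfConfig.KdfParallelism), 32))
	// … unchanged: default case …
	}
}
```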
18 changes: 8 additions & 10 deletions internal/bitwarden/embedded/models.go
Expand Up @@ -6,19 +6,17 @@ import (
"fmt"

"github.com/maxlaverse/terraform-provider-bitwarden/internal/bitwarden/crypto/symmetrickey"
"github.com/maxlaverse/terraform-provider-bitwarden/internal/bitwarden/models"
)

type Account struct {
AccountUUID string `json:"accountUuid,omitempty"`
Email string `json:"email,omitempty"`
VaultFormat string `json:"vaultFormat,omitempty"`
KdfIterations int `json:"kdfIterations,omitempty"`
KdfMemory int `json:"kdfMemory,omitempty"`
KdfParallelism int `json:"kdfParallelism,omitempty"`
KdfType int `json:"kdfType,omitempty"`
ProtectedSymmetricKey string `json:"protectedSymmetricKey,omitempty"`
ProtectedRSAPrivateKey string `json:"protectedRSAPrivateKey,omitempty"`
Secrets AccountSecrets `json:"-"`
AccountUUID string `json:"accountUuid,omitempty"`
Email string `json:"email,omitempty"`
VaultFormat string `json:"vaultFormat,omitempty"`
KdfConfig models.KdfConfiguration `json:"kdfConfig,omitempty"`
ProtectedSymmetricKey string `json:"protectedSymmetricKey,omitempty"`
ProtectedRSAPrivateKey string `json:"protectedRSAPrivateKey,omitempty"`
Secrets AccountSecrets `json:"-"`
}

func (a *Account) PrivateKeyDecrypted() bool {
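Review bot: `omitempty` on the new struct-typed field `KdfConfig models.KdfConfiguration` has no effect, because encoding/json never treats a struct value as empty; either drop the modifier or make the field a pointer if omission was intended. Any Account already serialized with the old top-level `kdfIterations`/`kdfType` keys (whether Account is persisted is not visible in this hunk) would now decode with a zero KdfConfig, i.e. the PBKDF2 type with zero iterations, rather than failing, so if such data exists a decode-time check that KdfIterations is non-zero would stop a weak key being derived silently. A field comment would also help, e.g. `// KdfConfig holds the parameters used to derive the master key from the password.`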
6 changes: 1 addition & 5 deletions internal/bitwarden/embedded/vault_base.go
Expand Up @@ -123,11 +123,7 @@ func (v *baseVault) storeObject(ctx context.Context, obj models.Object) {
}

func decryptAccountSecrets(account Account, password string) (*AccountSecrets, error) {
if account.KdfType != 0 {
return nil, fmt.Errorf("unsupported kdf type '%d'", account.KdfType)
}

masterKey, err := keybuilder.BuildPreloginKey(password, account.Email, account.KdfIterations)
masterKey, err := keybuilder.BuildPreloginKey(password, account.Email, account.KdfConfig)
if err != nil {
return nil, fmt.Errorf("error building prelogin key: %w", err)
}
11 changes: 7 additions & 4 deletions internal/bitwarden/embedded/vault_base_test.go
Expand Up @@ -15,10 +15,13 @@ import (

var (
testAccount = Account{
AccountUUID: "e8dababd-242e-4900-becf-e88bc021dda8",
Email: "[email protected]",
VaultFormat: "API",
KdfIterations: 600000,
AccountUUID: "e8dababd-242e-4900-becf-e88bc021dda8",
Email: "[email protected]",
VaultFormat: "API",
KdfConfig: models.KdfConfiguration{
KdfType: models.KdfTypePBKDF2_SHA256,
KdfIterations: 600000,
},
ProtectedSymmetricKey: "2.lkAJiJtCKPHFPrZ96+j2Xg==|5XJtrKUndcGy28thFukrmgMcLp+BOVdkF+KcuOnfshq9AN1PFhna9Es96CVARCnjTcWuHuqvgnGmcOHTrf8fyfLv63VBsjLgLZk8rCXJoKE=|9dwgx4/13AD+elE2vE7vlSQoe8LbCGGlui345YrKvXY=",
ProtectedRSAPrivateKey: "2.D2aLa8ne/DAkeSzctQISVw==|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|muEtiwIuZxhuuLv0nouEdxHU2CO+I7JXKZuYHWiv/OE=",
}