Setting params for Argon2 requires info file v5

ItalyPaleAle · ItalyPaleAle · commit 47d2b047e201 · 2020-09-12T06:38:46.000Z
This is because the change was actually not forward-compatible, so it required a new info file version.
Also, improved how we deal with the legacy keys (that used older Argon2 params)
diff --git a/Encryption.md b/Encryption.md
@@ -101,7 +101,7 @@ The default method of operation of prvt uses a passphrase to derive the wrapping
 
 In this mode of operation, the wrapping key is a 256-bit symmetric key that is derived from the user's passphrase using the [Argon2](https://en.wikipedia.org/wiki/Argon2) algorithm, in the Argon2id variant.
 
-prvt uses the [golang.org/x/crypto/argon2](https://golang.org/x/crypto/argon2) implementation of Argon2id, which is part of the Go project. prvt 0.5.1 and higher use Argon2id with iterations=4, memory=80MB, and parallelism=2.
+prvt uses the [golang.org/x/crypto/argon2](https://golang.org/x/crypto/argon2) implementation of Argon2id, which is part of the Go project. prvt 0.6 and higher use Argon2id with iterations=4, memory=80MB, and parallelism=2.
 
 It's possible to override the parameters used for Argon2 at runtime, when a new passphrase is added as key (i.e. with `prvt repo key add` or the equivalent REST call), by setting the environmental variables `PRVT_ARGON2_ITERATIONS`, `PRVT_ARGON2_MEMORY` (whose value is in KB) and `PRVT_ARGON2_PARALLELISM`.
 
@@ -155,7 +155,7 @@ The `_info.json` file is the only file in the repository that is not encrypted.
 This file is a JSON document containing four keys:
 
 - The name of the app (`app`) that created it. This is always `prvt`.
-- The version (`ver`) of the info file. The latest value, from prvt version 0.5, is `4`.
+- The version (`ver`) of the info file. The latest value, from prvt version 0.6, is `5`.
 - A unique ID for the repo (`id`). This is a randomly-generated UUID and it's used to identify which repo you're working on.
 - The data path (`dp`), which is the name of the sub-folder where the encrypted data is stored. The default value is `data`. (This value can't be set using the prvt CLI, but it's defined here to enable backwards compatibility with repositories created by previous versions of prvt.)
 - The list of passphrases and keys (`k`).
@@ -173,9 +173,9 @@ For master keys that are wrapped with wrapping keys derived from a passphrase, t
 - The options for the key derivation function (`o`). This is a dictionary that, for Argon2, contains the following keys:
     - `a2`: variant to use: this can only be `argon2id`, which is also the default value if the key is omitted.
     - `a2v`: version of Argon2: this can only be `19`, which is also the default value if the key is omitted.
-    - `a2m`: memory parameter, in KB; for backwards-compatibility, if the key is omitted the default value is `65536` (64 MB), which is different from the new default value of 80 MB.
-    - `a2t`: iterations parameter; for backwards-compatibility, if the key is omitted the default value is `1`, which is different from the new default value of 4.
-    - `a2p`: parallelism parameter; for backwards-compatibility, if the key is omitted the default value is `4`, which is different from the new default value of 2.
+    - `a2m`: memory parameter, in KB; for backwards-compatibility, if the key is omitted the default value is `8192`, or 80 MB (this was 64 MB in prvt 0.5 and lower).
+    - `a2t`: iterations parameter; for backwards-compatibility, if the key is omitted the default value is `4` (this was `1` in prvt 0.5 and lower).
+    - `a2p`: parallelism parameter; for backwards-compatibility, if the key is omitted the default value is `2` (this was `4` in prvt 0.5 and lower).
 
 For example, for a repository that allows only one passphrase to unlock it (the document below has been pretty-printed for clarity for this example only):
 
diff --git a/cmd/zz-keys.go b/cmd/zz-keys.go
@@ -85,8 +85,8 @@ func NewInfoFile(gpgKey string) (info *infofile.InfoFile, errMessage string, err
 
 // UpgradeInfoFile upgrades an info file to the latest version
 func UpgradeInfoFile(info *infofile.InfoFile) (errMessage string, err error) {
-	// Can only upgrade info files versions 1-3
-	if info.Version < 1 || info.Version > 3 {
+	// Can only upgrade info files versions 1-4
+	if info.Version < 1 || info.Version > 4 {
 		return "Unsupported repository version", errors.New("This repository has already been upgraded or is using an unsupported version")
 	}
 
@@ -114,8 +114,21 @@ func UpgradeInfoFile(info *infofile.InfoFile) (errMessage string, err error) {
 		info.RepoId = repoId.String()
 	}
 
+	// Upgrade 4 -> 5
+	if info.Version < 5 {
+		// Set the legacy values for Argon2 for each key
+		for i := 0; i < len(info.Keys); i++ {
+			// Ignore GPG keys and ignore keys that have already been upgraded (e.g. from v1)
+			if info.Keys[i].GPGKey != "" || info.Keys[i].KDFOptions != nil {
+				continue
+			}
+			info.Keys[i].KDF = "argon2"
+			info.Keys[i].KDFOptions = crypto.LegacyArgon2Options()
+		}
+	}
+
 	// Update the version
-	info.Version = 4
+	info.Version = 5
 
 	return "", nil
 }
@@ -132,8 +145,7 @@ func upgradeInfoFileV1(info *infofile.InfoFile) (errMessage string, err error) {
 		}
 
 		// Get the default parameters for Argon2
-		kdfOptions := &crypto.Argon2Options{}
-		_ = kdfOptions.Validate()
+		kdfOptions := crypto.LegacyArgon2Options()
 		if err != nil {
 			return "Error validating Argon2 parameters", err
 		}
@@ -144,8 +156,11 @@ func upgradeInfoFileV1(info *infofile.InfoFile) (errMessage string, err error) {
 			return "Cannot unlock the repository", errors.New("Invalid passphrase")
 		}
 
-		// Now, tune the parameters for Argon2 before wrapping the key again
-		kdfOptions.Setup()
+		// Now, set up the parameters for Argon2 before wrapping the key again
+		err = kdfOptions.Setup()
+		if err != nil {
+			return "Error setting up Argon2 parameters", err
+		}
 
 		// Create a new salt
 		newSalt, err := crypto.NewSalt()
diff --git a/crypto/key.go b/crypto/key.go
@@ -40,16 +40,11 @@ type Argon2Options struct {
 }
 
 // Setup sets the parameters for the key derivation function
-func (o *Argon2Options) Setup() {
+func (o *Argon2Options) Setup() error {
 	// Set variant and version
 	o.Variant = "argon2id"
 	o.Version = 0x13
 
-	// Set parameters to some values that should be reasonable for most systems, including low-power ones
-	o.Iterations = 4
-	o.Memory = 80 << 10
-	o.Parallelism = 2
-
 	// Check if we have the tune function, which is included with a build tag only
 	method := reflect.ValueOf(o).MethodByName("Tune")
 	if method.IsValid() {
@@ -69,6 +64,8 @@ func (o *Argon2Options) Setup() {
 	if err == nil && parallelism > 0 {
 		o.Parallelism = uint8(parallelism)
 	}
+
+	return o.Validate()
 }
 
 // Validate the values and sets the defaults for the missing ones
@@ -89,17 +86,17 @@ func (o *Argon2Options) Validate() error {
 	if argon2.Version != 0x13 {
 		panic("argon2 library uses a different version that expected")
 	}
-	// Default memory is 64MB (in KB), for backwards compatibility
+	// Default memory is 80MB (in KB)
 	if o.Memory == 0 {
-		o.Memory = 64 * 1024
+		o.Memory = 80 * 1024
 	}
-	// Default iterations is 1, for backwards compatibility
+	// Default iterations is 4
 	if o.Iterations == 0 {
-		o.Iterations = 1
+		o.Iterations = 4
 	}
-	// Default parallelism is 4, for backwards compatibility
+	// Default parallelism is 2
 	if o.Parallelism == 0 {
-		o.Parallelism = 4
+		o.Parallelism = 2
 	}
 	return nil
 }
@@ -111,6 +108,17 @@ func (o *Argon2Options) timeExecution() int64 {
 	return time.Since(start).Milliseconds()
 }
 
+// LegacyArgon2Options returns an object with the parameters for Argon2 used by prvt version 4 and below
+func LegacyArgon2Options() *Argon2Options {
+	return &Argon2Options{
+		Variant:     "argon2id",
+		Version:     19,
+		Memory:      64 << 10,
+		Iterations:  1,
+		Parallelism: 4,
+	}
+}
+
 // KeyFromPassphrase returns the 32-byte key derived from a passphrase and a salt using Argon2id
 // It also returns a "confirmation hash" that can be used to ensure the passphrase is correct
 func KeyFromPassphrase(passphrase string, salt []byte, kd *Argon2Options) (key []byte, confirmationHash []byte, err error) {
diff --git a/infofile/infofile.go b/infofile/infofile.go
@@ -38,14 +38,16 @@ type InfoFileKey struct {
 	// GPG key id for when using a GPG key
 	GPGKey string `json:"g,omitempty"`
 
-	// Key Derivation Function for when using a passphrase (only "argon2" is currently supported)
-	KDF string `json:"f,omitempty"`
-	// Options for the Key Derivation Function (Argon2 only)
-	KDFOptions *crypto.Argon2Options `json:"o,omitempty"`
 	// ConfirmationHash for when using a passphrase
 	ConfirmationHash []byte `json:"p,omitempty"`
 	// Salt for when using a passphrase
 	Salt []byte `json:"s,omitempty"`
+
+	// Fields for version 5+
+	// Key Derivation Function for when using a passphrase (only "argon2" is currently supported)
+	KDF string `json:"f,omitempty"`
+	// Options for the Key Derivation Function (Argon2 only)
+	KDFOptions *crypto.Argon2Options `json:"o,omitempty"`
 }
 
 // InfoFile is the content of the info file
@@ -79,7 +81,7 @@ func New() (*InfoFile, error) {
 	// Info file
 	info := &InfoFile{
 		App:      "prvt",
-		Version:  4,
+		Version:  5,
 		RepoId:   repoId.String(),
 		DataPath: "data",
 	}
@@ -206,8 +208,8 @@ func (info *InfoFile) Validate() error {
 				return errors.New("invalid confirmation hash in info file")
 			}
 		}
-	} else if info.Version >= 2 && info.Version <= 4 {
-		// Parse version 2 to 4
+	} else if info.Version >= 2 && info.Version <= 5 {
+		// Parse version 2 to 5
 		if len(info.Keys) == 0 {
 			return errors.New("repository does not have any key")
 		}
diff --git a/keys/keys.go b/keys/keys.go
@@ -51,8 +51,7 @@ func GetMasterKeyWithPassphrase(info *infofile.InfoFile, passphrase string) (mas
 	if len(info.Salt) != 0 && len(info.ConfirmationHash) != 0 {
 		var confirmationHash []byte
 		// Default KDF options
-		kdfOptions := &crypto.Argon2Options{}
-		_ = kdfOptions.Validate()
+		kdfOptions := crypto.LegacyArgon2Options()
 		masterKey, confirmationHash, err = crypto.KeyFromPassphrase(passphrase, info.Salt, kdfOptions)
 		if err == nil && subtle.ConstantTimeCompare(info.ConfirmationHash, confirmationHash) == 1 {
 			return masterKey, "LegacyKey", "", nil
@@ -76,13 +75,13 @@ func GetMasterKeyWithPassphrase(info *infofile.InfoFile, passphrase string) (mas
 		if k.KDF != "argon2" && k.KDF != "" {
 			continue
 		}
-		// For backwards compatibility, create the KDF options if empty
+		// For backwards compatibility, create the KDF options if empty and set the values to the legacy ones
 		if k.KDFOptions == nil {
-			k.KDFOptions = &crypto.Argon2Options{}
-			// Skip invalid keys
-			if k.KDFOptions.Validate() != nil {
-				continue
-			}
+			k.KDFOptions = crypto.LegacyArgon2Options()
+		}
+		// Skip invalid keys
+		if k.KDFOptions.Validate() != nil {
+			continue
 		}
 
 		// Try this key
@@ -111,13 +110,12 @@ func AddKeyPassphrase(info *infofile.InfoFile, masterKey []byte, passphrase stri
 		return "", "Key already added", errors.New("This passphrase has already been added to the repository")
 	}
 
-	// Tune parameters for Argon2
+	// Set up parameters for Argon2
 	kdfOptions := &crypto.Argon2Options{}
-	err = kdfOptions.Validate()
+	err = kdfOptions.Setup()
 	if err != nil {
-		return "", "Error validating Argon2 parameters", err
+		return "", "Error setting up Argon2 parameters", err
 	}
-	kdfOptions.Setup()
 
 	// Derive the wrapping key, after generating a new salt
 	salt, err = crypto.NewSalt()
diff --git a/tests/fixtures/previous-versions/v0.5/_index b/tests/fixtures/previous-versions/v0.5/_index
diff --git a/tests/fixtures/previous-versions/v0.5/_info.json b/tests/fixtures/previous-versions/v0.5/_info.json
@@ -0,0 +1 @@
+{"app":"prvt","ver":4,"dp":"data","k":[{"m":"o7B/BE0HBhW6m6BP4ntjY7S4qNLXFqjSqrecH1yAULpIqrbxZA4puA==","s":"O0ZJv3+NDOyx4ZdkMfd5Gg==","p":"klfIuohyvZULyfibnuzxQMSrlODUsLhqwy9BYqIh2lQ="}],"id":"9e52eb06-a44a-4f89-819c-57dfdf8feee4"}
diff --git a/tests/fixtures/previous-versions/v0.5/data/15/2f/152fabc7-9af6-4cf1-8672-6245f940c1d4 b/tests/fixtures/previous-versions/v0.5/data/15/2f/152fabc7-9af6-4cf1-8672-6245f940c1d4
diff --git a/tests/functional-cli_test.go b/tests/functional-cli_test.go
@@ -104,7 +104,7 @@ func (s *funcTestSuite) cmdRepoInit(t *testing.T) {
 		err = json.Unmarshal(read, info)
 		assert.NoError(t, err)
 		assert.Equal(t, "prvt", info.App)
-		assert.Equal(t, uint16(4), info.Version)
+		assert.Equal(t, uint16(5), info.Version)
 		assert.NotEmpty(t, info.RepoId)
 		assert.Len(t, info.Keys, 1)
 		assert.Len(t, info.Keys[0].ConfirmationHash, 32)
@@ -126,7 +126,7 @@ func (s *funcTestSuite) cmdRepoInit(t *testing.T) {
 		err = json.Unmarshal(read, info)
 		assert.NoError(t, err)
 		assert.Equal(t, "prvt", info.App)
-		assert.Equal(t, uint16(4), info.Version)
+		assert.Equal(t, uint16(5), info.Version)
 		assert.NotEmpty(t, info.RepoId)
 		assert.Len(t, info.Keys, 1)
 		assert.Len(t, info.Keys[0].ConfirmationHash, 0)
@@ -241,7 +241,7 @@ func (s *funcTestSuite) cmdRepoKey(t *testing.T) {
 		err = json.Unmarshal(read, info)
 		assert.NoError(t, err)
 		assert.Equal(t, "prvt", info.App)
-		assert.Equal(t, uint16(4), info.Version)
+		assert.Equal(t, uint16(5), info.Version)
 		assert.NotEmpty(t, info.RepoId)
 		assert.Len(t, info.Keys, 2)
 		assert.Len(t, info.Keys[0].ConfirmationHash, 0)
diff --git a/tests/functional-previous-versions_test.go b/tests/functional-previous-versions_test.go
@@ -41,6 +41,7 @@ func (s *funcTestSuite) RunPreviousVersions(t *testing.T) {
 	t.Run("prvt 0.2", s.previousVersion_0_2)
 	t.Run("prvt 0.3", s.previousVersion_0_3)
 	t.Run("prvt 0.4", s.previousVersion_0_4)
+	t.Run("prvt 0.5", s.previousVersion_0_5)
 }
 
 // Tests for working with repositories created by version 0.2
@@ -228,6 +229,59 @@ func (s *funcTestSuite) previousVersion_0_4(t *testing.T) {
 	close()
 }
 
+// Tests for working with repositories created by version 0.5
+func (s *funcTestSuite) previousVersion_0_5(t *testing.T) {
+	// Start the server
+	s.promptPwd.SetPasswords("hello world")
+	path := filepath.Join(s.fixtures, "previous-versions", "v0.5")
+	close := s.startServer(t, "--store", "local:"+path)
+
+	// Should be able to list files
+	list, err := s.listRequest("/")
+	if err != nil {
+		close()
+		t.Fatal(err)
+		return
+	}
+	assert.Len(t, list, 1)
+	assert.Equal(t, "pg1000.txt", list[0].Path)
+	assert.NotEmpty(t, list[0].MimeType)
+	assert.NotEmpty(t, list[0].Date)
+
+	// Should be able to request the file
+	s.previousVersionRequestFile(t, list[0].FileId)
+
+	// Stop the server
+	close()
+
+	// Upgrade the repo
+	s.promptPwd.SetPasswords("hello world")
+	runCmd(t,
+		[]string{"repo", "upgrade", "--store", "local:" + path},
+		nil,
+		func(stdout string) {
+			assert.Equal(t, "Repository upgraded\n", stdout)
+		},
+		nil,
+	)
+
+	// Check that the repo has been upgraded
+	s.previousVersionCheckInfoFile(t, path, 4)
+
+	// Try unlocking the repo again
+	s.promptPwd.SetPasswords("hello world")
+	close = s.startServer(t, "--store", "local:"+path)
+
+	// Should be able to list files
+	newList, err := s.listRequest("/")
+	assert.NoError(t, err)
+	assert.Len(t, newList, 1)
+	assert.True(t, reflect.DeepEqual(list, newList))
+
+	// Stop the server
+	close()
+}
+
 func (s *funcTestSuite) previousVersionRequestFile(t *testing.T, fileId string) {
 	t.Helper()
 
@@ -304,7 +358,7 @@ func (s *funcTestSuite) previousVersionCheckInfoFile(t *testing.T, path string,
 		t.Error(err)
 		return
 	}
-	assert.Equal(t, uint16(4), info.Version)
+	assert.Equal(t, uint16(5), info.Version)
 	assert.Len(t, info.Keys, 1)
 	assert.NotEmpty(t, info.RepoId)
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+{"app":"prvt","ver":4,"dp":"data","k":[{"m":"o7B/BE0HBhW6m6BP4ntjY7S4qNLXFqjSqrecH1yAULpIqrbxZA4puA==","s":"O0ZJv3+NDOyx4ZdkMfd5Gg==","p":"klfIuohyvZULyfibnuzxQMSrlODUsLhqwy9BYqIh2lQ="}],"id":"9e52eb06-a44a-4f89-819c-57dfdf8feee4"}`