github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/libkb/secret_store_file.go (about) 1 // Copyright 2015 Keybase, Inc. All rights reserved. Use of 2 // this source code is governed by the included BSD license. 3 4 package libkb 5 6 import ( 7 "fmt" 8 "os" 9 "path/filepath" 10 "runtime" 11 ) 12 13 type secretBytes [LKSecLen]byte 14 15 func NewErrSecretForUserNotFound(username NormalizedUsername) SecretStoreError { 16 return SecretStoreError{ 17 Msg: fmt.Sprintf("No secret found for %s", username), 18 } 19 } 20 21 type SecretStoreFile struct { 22 dir string 23 notifyCreate func(NormalizedUsername) 24 } 25 26 var _ SecretStoreAll = (*SecretStoreFile)(nil) 27 28 func NewSecretStoreFile(dir string) *SecretStoreFile { 29 return &SecretStoreFile{dir: dir} 30 } 31 32 func (s *SecretStoreFile) RetrieveSecret(mctx MetaContext, username NormalizedUsername) (secret LKSecFullSecret, err error) { 33 defer mctx.Trace(fmt.Sprintf("SecretStoreFile.RetrieveSecret(%s)", username), &err)() 34 mctx.Debug("Retrieving secret V2 from file") 35 secret, err = s.retrieveSecretV2(mctx, username) 36 switch err.(type) { 37 case nil: 38 return secret, nil 39 case SecretStoreError: 40 default: 41 return LKSecFullSecret{}, err 42 } 43 44 // check for v1 45 mctx.Debug("Retrieving secret V1 from file") 46 secret, err = s.retrieveSecretV1(mctx, username) 47 if err != nil { 48 return LKSecFullSecret{}, err 49 } 50 51 // upgrade to v2 52 if err = s.StoreSecret(mctx, username, secret); err != nil { 53 return secret, err 54 } 55 if err = s.clearSecretV1(username); err != nil { 56 return secret, err 57 } 58 return secret, nil 59 } 60 61 func (s *SecretStoreFile) retrieveSecretV1(mctx MetaContext, username NormalizedUsername) (LKSecFullSecret, error) { 62 userpath := s.userpath(username) 63 mctx.Debug("SecretStoreFile.retrieveSecretV1: checking path: %s", userpath) 64 secret, err := os.ReadFile(userpath) 65 if err != nil { 66 if os.IsNotExist(err) { 67 return LKSecFullSecret{}, NewErrSecretForUserNotFound(username) 68 } 69 70 return LKSecFullSecret{}, err 71 } 72 73 return newLKSecFullSecretFromBytes(secret) 74 } 75 76 func (s *SecretStoreFile) retrieveSecretV2(mctx MetaContext, username NormalizedUsername) (LKSecFullSecret, error) { 77 userpath := s.userpathV2(username) 78 mctx.Debug("SecretStoreFile.retrieveSecretV2: checking path: %s", userpath) 79 xor, err := os.ReadFile(userpath) 80 if err != nil { 81 if os.IsNotExist(err) { 82 return LKSecFullSecret{}, NewErrSecretForUserNotFound(username) 83 } 84 85 return LKSecFullSecret{}, err 86 } 87 88 noise, err := os.ReadFile(s.noisepathV2(username)) 89 if err != nil { 90 if os.IsNotExist(err) { 91 return LKSecFullSecret{}, NewErrSecretForUserNotFound(username) 92 } 93 94 return LKSecFullSecret{}, err 95 } 96 97 var xorFixed secretBytes 98 copy(xorFixed[:], xor) 99 var noiseFixed NoiseBytes 100 copy(noiseFixed[:], noise) 101 secret, err := NoiseXOR(xorFixed, noiseFixed) 102 if err != nil { 103 return LKSecFullSecret{}, err 104 } 105 106 return newLKSecFullSecretFromBytes(secret) 107 } 108 109 func (s *SecretStoreFile) StoreSecret(mctx MetaContext, username NormalizedUsername, secret LKSecFullSecret) (err error) { 110 defer mctx.Trace(fmt.Sprintf("SecretStoreFile.StoreSecret(%s)", username), &err)() 111 noise, err := MakeNoise() 112 if err != nil { 113 return err 114 } 115 var secretFixed secretBytes 116 copy(secretFixed[:], secret.Bytes()) 117 xor, err := NoiseXOR(secretFixed, noise) 118 if err != nil { 119 return err 120 } 121 122 if err := os.MkdirAll(s.dir, PermDir); err != nil { 123 return err 124 } 125 126 fsec, err := os.CreateTemp(s.dir, username.String()) 127 if err != nil { 128 return err 129 } 130 fnoise, err := os.CreateTemp(s.dir, username.String()) 131 if err != nil { 132 return err 133 } 134 135 // remove the temp file if it still exists at the end of this function 136 defer func() { _ = ShredFile(fsec.Name()) }() 137 defer func() { _ = ShredFile(fnoise.Name()) }() 138 139 if runtime.GOOS != "windows" { 140 // os.Fchmod not supported on windows 141 if err := fsec.Chmod(PermFile); err != nil { 142 return err 143 } 144 if err := fnoise.Chmod(PermFile); err != nil { 145 return err 146 } 147 } 148 if _, err := fsec.Write(xor); err != nil { 149 return err 150 } 151 if err := fsec.Close(); err != nil { 152 return err 153 } 154 if _, err := fnoise.Write(noise[:]); err != nil { 155 return err 156 } 157 if err := fnoise.Close(); err != nil { 158 return err 159 } 160 161 finalSec := s.userpathV2(username) 162 finalNoise := s.noisepathV2(username) 163 164 exists, err := FileExists(finalSec) 165 if err != nil { 166 return err 167 } 168 169 // NOTE: Pre-existing maybe-bug: I think this step breaks atomicity. It's 170 // possible that the rename below fails, in which case we'll have already 171 // destroyed the previous value. 172 173 // On Unix we could solve this by hard linking the old file to a new tmp 174 // location, and then shredding it after the rename. On Windows, I think 175 // we'd need to somehow call the ReplaceFile Win32 function (which Go 176 // doesn't expose anywhere as far as I know, so this would require CGO) to 177 // take advantage of its lpBackupFileName param. 178 if exists { 179 // shred the existing secret 180 if err := s.clearSecretV2(username); err != nil { 181 return err 182 } 183 } 184 185 if err := os.Rename(fsec.Name(), finalSec); err != nil { 186 return err 187 } 188 if err := os.Rename(fnoise.Name(), finalNoise); err != nil { 189 return err 190 } 191 192 if err := os.Chmod(finalSec, PermFile); err != nil { 193 return err 194 } 195 if err := os.Chmod(finalNoise, PermFile); err != nil { 196 return err 197 } 198 199 // if we just created the secret store file for the 200 // first time, notify anyone interested. 201 if !exists && s.notifyCreate != nil { 202 s.notifyCreate(username) 203 } 204 205 return nil 206 } 207 208 func (s *SecretStoreFile) ClearSecret(mctx MetaContext, username NormalizedUsername) (err error) { 209 defer mctx.Trace(fmt.Sprintf("SecretStoreFile.ClearSecret(%s)", username), &err)() 210 // try both 211 212 if username.IsNil() { 213 mctx.Debug("NOOPing SecretStoreFile#ClearSecret for empty username") 214 return nil 215 } 216 217 errV1 := s.clearSecretV1(username) 218 errV2 := s.clearSecretV2(username) 219 220 err = CombineErrors(errV1, errV2) 221 if err != nil { 222 mctx.Debug("Failed to clear secret in at least one version: %s", err) 223 return err 224 } 225 return nil 226 } 227 228 func (s *SecretStoreFile) clearSecretV1(username NormalizedUsername) error { 229 if err := ShredFile(s.userpath(username)); err != nil { 230 if os.IsNotExist(err) { 231 return nil 232 } 233 return err 234 } 235 236 return nil 237 } 238 239 func (s *SecretStoreFile) clearSecretV2(username NormalizedUsername) error { 240 exists, err := FileExists(s.noisepathV2(username)) 241 if err != nil { 242 return err 243 } 244 if !exists { 245 return nil 246 } 247 248 nerr := ShredFile(s.noisepathV2(username)) 249 uerr := ShredFile(s.userpathV2(username)) 250 if nerr != nil { 251 return nerr 252 } 253 if uerr != nil { 254 return uerr 255 } 256 return nil 257 } 258 259 func (s *SecretStoreFile) GetUsersWithStoredSecrets(mctx MetaContext) (users []string, err error) { 260 defer mctx.Trace("SecretStoreFile.GetUsersWithStoredSecrets", &err)() 261 files, err := filepath.Glob(filepath.Join(s.dir, "*.ss*")) 262 if err != nil { 263 return nil, err 264 } 265 users = make([]string, 0, len(files)) 266 for _, f := range files { 267 uname := stripExt(filepath.Base(f)) 268 if !isPPSSecretStore(uname) { 269 users = append(users, uname) 270 } 271 } 272 return users, nil 273 } 274 275 func (s *SecretStoreFile) userpath(username NormalizedUsername) string { 276 return filepath.Join(s.dir, fmt.Sprintf("%s.ss", username)) 277 } 278 279 func (s *SecretStoreFile) userpathV2(username NormalizedUsername) string { 280 return filepath.Join(s.dir, fmt.Sprintf("%s.ss2", username)) 281 } 282 283 func (s *SecretStoreFile) noisepathV2(username NormalizedUsername) string { 284 return filepath.Join(s.dir, fmt.Sprintf("%s.ns2", username)) 285 } 286 287 func (s *SecretStoreFile) GetOptions(MetaContext) *SecretStoreOptions { return nil } 288 func (s *SecretStoreFile) SetOptions(MetaContext, *SecretStoreOptions) {} 289 290 func stripExt(path string) string { 291 for i := len(path) - 1; i >= 0 && !os.IsPathSeparator(path[i]); i-- { 292 if path[i] == '.' { 293 return path[:i] 294 } 295 } 296 return "" 297 }