bdb50539de
More info regarding KeePass: http://keepass.info/ KeePass integration will use KeePassHttp (https://github.com/pfn/keepasshttp/) to facilitate communications between the client and KeePass. KeePassHttp is a plugin for KeePass 2.x and provides a secure means of exposing KeePass entries via HTTP for clients to consume. The implementation is dependent on the following: - crypter.h for AES encryption helper functions. - rpcprotocol.h for handling RPC communications. Could only be used partially however due some static values in the code. - OpenSSL for base64 encoding. regular util.h libraries were not used for base64 encoding/decoding since they do not use secure allocation. - JSON Spirit for reading / writing RPC communications The following changes were made: - Added CLI options in help - Added RPC commands: keepass <genkey|init|setpassphrase> - Added keepass.h and keepass.cpp which hold the integration routines - Modified rpcwallet.cpp to support RPC commands The following new options are available for darkcoind and darkcoin-qt: -keepass Use KeePass 2 integration using KeePassHttp plugin (default: 0) -keepassport=<port> Connect to KeePassHttp on port <port> (default: 19455) -keepasskey=<key> KeePassHttp key for AES encrypted communication with KeePass -keepassid=<name> KeePassHttp id for the established association -keepassname=<name> Name to construct url for KeePass entry that stores the wallet passphrase The following rpc commands are available: - keepass genkey: generates a base64 encoded 256 bit AES key that can be used for the communication with KeePassHttp. Only necessary for manual configuration. Use init for automatic configuration. - keepass init: sets up the association between darkcoind and keepass by generating an AES key and sending an association message to KeePassHttp. This will trigger KeePass to ask for an Id for the association. Returns the association and the base64 encoded string for the AES key. - keepass setpassphrase <passphrase>: updates the passphrase in KeePassHttp to a new value. This should match the passphrase you intend to use for the wallet. Please note that the standard RPC commands walletpassphrasechange and the wallet encrption from the QT GUI already send the updates to KeePassHttp, so this is only necessary for manual manipulation of the password. Sample initialization flow from darkcoin-qt console (this needs to be done only once to set up the association): - Have KeePass running with an open database - Start darkcoin-qt - Open console - type: "keepass init" in darkcoin-qt console - (keepass pops up and asks for an association id, fill that in). Example: mydrkwallet - response: Association successful. Id: mydrkwalletdarkcoin - Key: AgQkcs6cI7v9tlSYKjG/+s8wJrGALHl3jLosJpPLzUE= - Edit darkcoin.conf and fill in these values keepass=1 keepasskey=AgQkcs6cI7v9tlSYKjG/+s8wJrGALHl3jLosJpPLzUE= keepassid=mydrkwallet keepassname=testwallet - Restart darkcoin-qt At this point, the association is made. The next action depends on your particular situation: - current wallet is not yet encrypted. Encrypting the wallet will trigger the integration and stores the password in KeePass (Under the 'KeePassHttp Passwords' group, named after keepassname. - current wallet is already encrypted: use "keepass setpassphrase <passphrase>" to store the passphrase in KeePass. At this point, the passphrase is stored in KeePassHttp. When Unlocking the wallet, one can use keepass as the passphrase to trigger retrieval of the password. This works from the RPC commands as well as the GUI.
197 lines
6.2 KiB
C++
197 lines
6.2 KiB
C++
// Copyright (c) 2009-2013 The Bitcoin developers
|
|
// Distributed under the MIT/X11 software license, see the accompanying
|
|
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
|
|
|
#ifndef __CRYPTER_H__
|
|
#define __CRYPTER_H__
|
|
|
|
#include "allocators.h"
|
|
#include "serialize.h"
|
|
#include "keystore.h"
|
|
|
|
class uint256;
|
|
|
|
const unsigned int WALLET_CRYPTO_KEY_SIZE = 32;
|
|
const unsigned int WALLET_CRYPTO_SALT_SIZE = 8;
|
|
|
|
/*
|
|
Private key encryption is done based on a CMasterKey,
|
|
which holds a salt and random encryption key.
|
|
|
|
CMasterKeys are encrypted using AES-256-CBC using a key
|
|
derived using derivation method nDerivationMethod
|
|
(0 == EVP_sha512()) and derivation iterations nDeriveIterations.
|
|
vchOtherDerivationParameters is provided for alternative algorithms
|
|
which may require more parameters (such as scrypt).
|
|
|
|
Wallet Private Keys are then encrypted using AES-256-CBC
|
|
with the double-sha256 of the public key as the IV, and the
|
|
master key's key as the encryption key (see keystore.[ch]).
|
|
*/
|
|
|
|
/** Master key for wallet encryption */
|
|
class CMasterKey
|
|
{
|
|
public:
|
|
std::vector<unsigned char> vchCryptedKey;
|
|
std::vector<unsigned char> vchSalt;
|
|
// 0 = EVP_sha512()
|
|
// 1 = scrypt()
|
|
unsigned int nDerivationMethod;
|
|
unsigned int nDeriveIterations;
|
|
// Use this for more parameters to key derivation,
|
|
// such as the various parameters to scrypt
|
|
std::vector<unsigned char> vchOtherDerivationParameters;
|
|
|
|
IMPLEMENT_SERIALIZE
|
|
(
|
|
READWRITE(vchCryptedKey);
|
|
READWRITE(vchSalt);
|
|
READWRITE(nDerivationMethod);
|
|
READWRITE(nDeriveIterations);
|
|
READWRITE(vchOtherDerivationParameters);
|
|
)
|
|
CMasterKey()
|
|
{
|
|
// 25000 rounds is just under 0.1 seconds on a 1.86 GHz Pentium M
|
|
// ie slightly lower than the lowest hardware we need bother supporting
|
|
nDeriveIterations = 25000;
|
|
nDerivationMethod = 0;
|
|
vchOtherDerivationParameters = std::vector<unsigned char>(0);
|
|
}
|
|
};
|
|
|
|
typedef std::vector<unsigned char, secure_allocator<unsigned char> > CKeyingMaterial;
|
|
|
|
/** Encryption/decryption context with key information */
|
|
class CCrypter
|
|
{
|
|
private:
|
|
unsigned char chKey[WALLET_CRYPTO_KEY_SIZE];
|
|
unsigned char chIV[WALLET_CRYPTO_KEY_SIZE];
|
|
bool fKeySet;
|
|
|
|
public:
|
|
bool SetKeyFromPassphrase(const SecureString &strKeyData, const std::vector<unsigned char>& chSalt, const unsigned int nRounds, const unsigned int nDerivationMethod);
|
|
bool Encrypt(const CKeyingMaterial& vchPlaintext, std::vector<unsigned char> &vchCiphertext);
|
|
bool Decrypt(const std::vector<unsigned char>& vchCiphertext, CKeyingMaterial& vchPlaintext);
|
|
bool SetKey(const CKeyingMaterial& chNewKey, const std::vector<unsigned char>& chNewIV);
|
|
|
|
void CleanKey()
|
|
{
|
|
OPENSSL_cleanse(chKey, sizeof(chKey));
|
|
OPENSSL_cleanse(chIV, sizeof(chIV));
|
|
fKeySet = false;
|
|
}
|
|
|
|
CCrypter()
|
|
{
|
|
fKeySet = false;
|
|
|
|
// Try to keep the key data out of swap (and be a bit over-careful to keep the IV that we don't even use out of swap)
|
|
// Note that this does nothing about suspend-to-disk (which will put all our key data on disk)
|
|
// Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process.
|
|
LockedPageManager::Instance().LockRange(&chKey[0], sizeof chKey);
|
|
LockedPageManager::Instance().LockRange(&chIV[0], sizeof chIV);
|
|
}
|
|
|
|
~CCrypter()
|
|
{
|
|
CleanKey();
|
|
|
|
LockedPageManager::Instance().UnlockRange(&chKey[0], sizeof chKey);
|
|
LockedPageManager::Instance().UnlockRange(&chIV[0], sizeof chIV);
|
|
}
|
|
};
|
|
|
|
bool EncryptSecret(const CKeyingMaterial& vMasterKey, const CKeyingMaterial &vchPlaintext, const uint256& nIV, std::vector<unsigned char> &vchCiphertext);
|
|
bool DecryptSecret(const CKeyingMaterial& vMasterKey, const std::vector<unsigned char>& vchCiphertext, const uint256& nIV, CKeyingMaterial& vchPlaintext);
|
|
|
|
bool EncryptAES256(const SecureString& sKey, const SecureString& sPlaintext, const std::string& sIV, std::string& sCiphertext);
|
|
bool DecryptAES256(const SecureString& sKey, const std::string& sCiphertext, const std::string& sIV, SecureString& sPlaintext);
|
|
|
|
|
|
/** Keystore which keeps the private keys encrypted.
|
|
* It derives from the basic key store, which is used if no encryption is active.
|
|
*/
|
|
class CCryptoKeyStore : public CBasicKeyStore
|
|
{
|
|
private:
|
|
CryptedKeyMap mapCryptedKeys;
|
|
|
|
CKeyingMaterial vMasterKey;
|
|
|
|
// if fUseCrypto is true, mapKeys must be empty
|
|
// if fUseCrypto is false, vMasterKey must be empty
|
|
bool fUseCrypto;
|
|
|
|
protected:
|
|
bool SetCrypted();
|
|
|
|
// will encrypt previously unencrypted keys
|
|
bool EncryptKeys(CKeyingMaterial& vMasterKeyIn);
|
|
|
|
bool Unlock(const CKeyingMaterial& vMasterKeyIn);
|
|
|
|
public:
|
|
CCryptoKeyStore() : fUseCrypto(false)
|
|
{
|
|
}
|
|
|
|
bool IsCrypted() const
|
|
{
|
|
return fUseCrypto;
|
|
}
|
|
|
|
bool IsLocked() const
|
|
{
|
|
if (!IsCrypted())
|
|
return false;
|
|
bool result;
|
|
{
|
|
LOCK(cs_KeyStore);
|
|
result = vMasterKey.empty();
|
|
}
|
|
return result;
|
|
}
|
|
|
|
bool Lock();
|
|
|
|
virtual bool AddCryptedKey(const CPubKey &vchPubKey, const std::vector<unsigned char> &vchCryptedSecret);
|
|
bool AddKeyPubKey(const CKey& key, const CPubKey &pubkey);
|
|
bool HaveKey(const CKeyID &address) const
|
|
{
|
|
{
|
|
LOCK(cs_KeyStore);
|
|
if (!IsCrypted())
|
|
return CBasicKeyStore::HaveKey(address);
|
|
return mapCryptedKeys.count(address) > 0;
|
|
}
|
|
return false;
|
|
}
|
|
bool GetKey(const CKeyID &address, CKey& keyOut) const;
|
|
bool GetPubKey(const CKeyID &address, CPubKey& vchPubKeyOut) const;
|
|
void GetKeys(std::set<CKeyID> &setAddress) const
|
|
{
|
|
if (!IsCrypted())
|
|
{
|
|
CBasicKeyStore::GetKeys(setAddress);
|
|
return;
|
|
}
|
|
setAddress.clear();
|
|
CryptedKeyMap::const_iterator mi = mapCryptedKeys.begin();
|
|
while (mi != mapCryptedKeys.end())
|
|
{
|
|
setAddress.insert((*mi).first);
|
|
mi++;
|
|
}
|
|
}
|
|
|
|
/* Wallet status (encrypted, locked) changed.
|
|
* Note: Called without locks held.
|
|
*/
|
|
boost::signals2::signal<void (CCryptoKeyStore* wallet)> NotifyStatusChanged;
|
|
};
|
|
|
|
#endif
|