Don't keep masterKey in memory

cozy · Feb 24, 2016 · c528356 · c528356
1 parent ce2b9b1
commit c528356
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 39 deletions.
diff --git a/server/lib/encryption.coffee b/server/lib/encryption.coffee
@@ -11,7 +11,6 @@ user = new User()
 
 cryptoTools = new CryptoTools()
 
-masterKey = null
 slaveKey = null
 day = 24 * 60 * 60 * 1000
 
@@ -48,7 +47,7 @@ getBody = (domain) ->
 
 resetTimeout = -> timeout = null
 sendMailNow = ->
-    if (masterKey? and slaveKey?)
+    if slaveKey?
         return resetTimeout()
 
     user.getUser (err, user) ->
@@ -79,12 +78,10 @@ sendMail = ->
 
 
 ## function updateKeys (oldKey,password, encryptedslaveKey, callback)
-## @oldKey {string} Old master key
 ## @password {string} user's password
-## @encryptedslaveKey {string} encrypted slave key
 ## @callback {function} Continuation to pass control back to when complete.
 ## Update keys, return in data new encrypted slave key and new salt
-updateKeys = (oldKey, password, encryptedslaveKey, callback) ->
+updateKeys = (password, callback) ->
     salt = cryptoTools.genSalt(32 - password.length)
     masterKey = cryptoTools.genHashWithSalt password, salt
     encryptedSlaveKey = cryptoTools.encrypt masterKey, slaveKey
@@ -98,28 +95,25 @@ updateKeys = (oldKey, password, encryptedslaveKey, callback) ->
 ## Return encrypted password
 exports.encrypt = (password) ->
     if password? and process.env.NODE_ENV isnt "development"
-        if masterKey? and slaveKey?
+        if slaveKey?
             newPwd = cryptoTools.encrypt slaveKey, password
             return newPwd
         else
             sendMail()
-            err = new Error "master key and slave key don't exist"
+            err = new Error "slave key doesn't exist"
             logger.error err.message
             throw err
     else
         return password
 
 
-exports.get = -> return masterKey
-
-
 ## function decrypt (password, callback)
 ## @password {string} document password
 ## @callback {function} Continuation to pass control back to when complete.
 ## Return decrypted password if password was encrypted
 exports.decrypt = (password) ->
     if password? and process.env.NODE_ENV isnt "development"
-        if masterKey? and slaveKey?
+        if slaveKey?
             newPwd = password
             try
                 newPwd = cryptoTools.decrypt slaveKey, password
@@ -178,18 +172,12 @@ exports.logIn = (password, user, callback) ->
 ## @callback {function} Continuation to pass control back to when complete.
 ## Update keys when user changes his password
 exports.update = (password, user, callback) ->
-    unless masterKey? and slaveKey?
-        err = errors.http 400, "masterKey and slaveKey don't exist"
-        logger.error "[update] : #{err}"
-        return callback err
-
-    if masterKey.length isnt 32
-        err = errors.http 400, """
-            password to initialize keys is different than user password"""
+    unless slaveKey?
+        err = errors.http 400, "slaveKey doesn't exist"
         logger.error "[update] : #{err}"
         return callback err
 
-    updateKeys masterKey, password, slaveKey, (data) ->
+    updateKeys password, (data) ->
         db.merge user._id, data, (err, res) ->
             if err
                 logger.error "[update] : #{err}"
@@ -211,6 +199,6 @@ exports.reset = (user, callback) ->
             callback()
 
 ## function isLog ()
-## Return if keys exist so if user is connected
+## Return true if slaveKey exists, which indicates if user is connected
 exports.isLog = ->
-    return slaveKey? and masterKey?
+    return slaveKey?
diff --git a/tests/account_tests.coffee b/tests/account_tests.coffee
@@ -5,8 +5,6 @@ prefix = helpers.prefix
 Crypto = require "#{prefix}server/lib/crypto_tools"
 User = require "#{prefix}server/lib/user"
 randomString = require("#{prefix}server/lib/random").randomString
-encryption = require "#{prefix}server/lib/encryption"
-getMasterKey = encryption.get
 db = require("#{prefix}server/helpers/db_connect_helper").db_connect()
 client = helpers.getClient()
 crypto = new Crypto()
@@ -88,17 +86,12 @@ describe "Account handling tests", ->
                 should.not.equal @salt, undefined
                 @salt.length.should.equal 24
 
-            it "And master key should be initialized", ->
-                @masterKey = crypto.genHashWithSalt @cozyPwd, @salt
-                key = getMasterKey()
-                should.not.equal key, null
-                key.should.equal @masterKey
-
             it "And object 'User' should have a slave key", ->
                 @body.should.have.property 'slaveKey'
                 @encryptedSlaveKey = @body.slaveKey
 
             it "And the length of the slave key should be equal to 32", ->
+                @masterKey = crypto.genHashWithSalt @cozyPwd, @salt
                 @slaveKey = crypto.decrypt @masterKey, @encryptedSlaveKey
                 @slaveKey.length.should.be.equal 32
 
@@ -125,17 +118,12 @@ describe "Account handling tests", ->
                 should.not.equal @salt, undefined
                 @salt.length.should.equal 24
 
-            it "And master key should be initialized", ->
-                @masterKey = crypto.genHashWithSalt @cozyPwd, @salt
-                key = getMasterKey()
-                should.not.equal key, null
-                key.should.equal @masterKey
-
             it "And object 'User' should have a slave key", ->
                 @body.should.have.property 'slaveKey'
                 @encryptedSlaveKey = @body.slaveKey
 
             it "And the length of the slave key should be equal to 32", ->
+                @masterKey = crypto.genHashWithSalt @cozyPwd, @salt
                 @slaveKey = crypto.decrypt @masterKey, @encryptedSlaveKey
                 @slaveKey.length.should.be.equal 32
 

diff --git a/tests/encryption_tests.coffee b/tests/encryption_tests.coffee
@@ -3,8 +3,6 @@ helpers = require './helpers'
 
 Crypto = require "#{helpers.prefix}server/lib/crypto_tools"
 User = require "#{helpers.prefix}server/lib/user"
-randomString = require("#{helpers.prefix}server/lib/random").randomString
-getMasterKey = require("#{helpers.prefix}server/lib/encryption").get
 
 # connection to DB for "hand work"
 db = require("#{helpers.prefix}server/helpers/db_connect_helper").db_connect()
@@ -157,4 +155,4 @@ describe "Encryption handling tests", ->
             it "When I add a document with password", (done) ->
                 client.post '/request/user/all/', {}, (err, res, body) =>
                     body[0].value.password.should.equal "password"
-                    done()
+                    done()