Mongo key encryption

[VakarisZ]

What does this PR do?

Fixes #1463

PR Checklist

• Have you added an explanation of what your changes do and why you'd like to include them?
• Is the TravisCI build passing?
• Was the CHANGELOG.md updated to reflect the changes?
• Was the documentation framework updated to reflect the changes?

Testing Checklist

• Added relevant unit tests?
• Have you successfully tested your changes locally? Elaborate:

  Tested by Registering, logging in, resetting the user

[VakarisZ]

Is it worth it? I think it is. It will allow us to remove the extra step of delete this mongo key from credential reset procedure

[mssalvatore]

Makes sense, as long as it's appropriately encapsulated.

[codecov]

Codecov Report

Merging #1506 (ddff2f0) into develop (f387595) will increase coverage by 0.12%.
The diff coverage is 70.71%.

@@             Coverage Diff             @@
##           develop    #1506      +/-   ##
===========================================
+ Coverage    42.69%   42.82%   +0.12%     
===========================================
  Files          476      478       +2     
  Lines        14202    14242      +40     
===========================================
+ Hits          6064     6099      +35     
- Misses        8138     8143       +5     

Impacted Files	Coverage Δ
monkey/monkey_island/cc/app.py	79.69% <ø> (+0.43%)	⬆️
...monkey_island/cc/resources/configuration_import.py	61.29% <0.00%> (ø)
monkey/monkey_island/cc/server_setup.py	0.00% <ø> (ø)
.../server_utils/encryption/encryptors/i_encryptor.py	100.00% <ø> (ø)
...utils/encryption/encryptors/key_based_encryptor.py	100.00% <ø> (ø)
...attack/technique_reports/technique_report_tools.py	23.52% <0.00%> (ø)
monkey/monkey_island/cc/services/database.py	58.33% <ø> (+2.77%)	⬆️
monkey/monkey_island/cc/services/initialize.py	0.00% <0.00%> (ø)
...island/cc/services/telemetry/processing/exploit.py	26.92% <0.00%> (ø)
...nd/cc/services/telemetry/processing/system_info.py	27.41% <0.00%> (ø)
... and 14 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f387595...ddff2f0. Read the comment docs.

[VakarisZ]

@mssalvatore take a look at commit 4f17693.
Multiple things are changed there:

• Password utils renamed to credential utils
• Credential utils moved to a single file to be more reusable between registration and login. Registration page changed to use 'username' instead of 'user', same as login page
• Data store encryptor initialization split up into 2 parts: dir initialization and key decryption/setup.

Separating these changes into different commits post-factum seems more work than it's worth. Doing refactoring first requires a lot of forethought. We could separate the things roughly by modified files, but the it will introducuse system-breaking commits.

[mssalvatore]

Dnt abbrv.

Or at least abbreviate consistently. This function is get_creds...(), whereas above there is get_user_credentials...() My preference is to use "credentials" in these names.

[mssalvatore]

I think this should be handled in setup_datastore_key(). Pass it the username and password and let it worry about what to do with them.

[mssalvatore]

"_key_based"

[mssalvatore]

Suggested change

	class PasswordBasedStringEncryptor(IEncryptor):
	_BUFFER_SIZE = pyAesCrypt.crypto.bufferSizeDef
	def __init__(self, password: str):
	self.password = password
	def encrypt(self, plaintext: str) -> str:
	plaintext_stream = io.BytesIO(plaintext.encode())
	ciphertext = PasswordBasedByteEncryptor(self.password).encrypt(plaintext_stream)
	return base64.b64encode(ciphertext.getvalue()).decode()
	def decrypt(self, ciphertext: str) -> str:
	ciphertext = base64.b64decode(ciphertext)
	ciphertext_stream = io.BytesIO(ciphertext)
	plaintext_stream = PasswordBasedByteEncryptor(self.password).decrypt(ciphertext_stream)
	return plaintext_stream.getvalue().decode("utf-8")
	class PasswordBasedStringEncryptor(IEncryptor):
	_BUFFER_SIZE = pyAesCrypt.crypto.bufferSizeDef
	def __init__(self, password: str):
	self._bytes_encryptor = PasswordBasedByteEncryptor(password)
	def encrypt(self, plaintext: str) -> str:
	plaintext_stream = io.BytesIO(plaintext.encode())
	ciphertext = self._bytes_encryptor.encrypt(plaintext_stream)
	return base64.b64encode(ciphertext.getvalue()).decode()
	def decrypt(self, ciphertext: str) -> str:
	ciphertext = base64.b64decode(ciphertext)
	ciphertext_stream = io.BytesIO(ciphertext)
	plaintext_stream = self._bytes_encryptor.decrypt(ciphertext_stream)
	return plaintext_stream.getvalue().decode("utf-8")

[mssalvatore]

What about "PasswordBasedBytesEncryptor"? "Byte" makes it seem like it encrypts a single byte.

[mssalvatore]

The file name should match the class name.

[mssalvatore]

I think this should take bytes, not BytesIO. Anything that has to use it (such as PasswordBasedStringEncryptor) has to convert first to bytes and then to BytesIO. Anything that already has data as bytes has to then convert it to BytesIO.

The only reason that it needs to be BytesIO is because that's what pyAesCrypt expects. This signature requiring BytesIO leaks implementation details to the callers.

[ilija-lazoroski]

I agree on this. It will also improve readability where we use the functions.

[mssalvatore]

I think this two-phased construction approach adds unnecessary complexity to the encryptor. I think we can solve this in a better way by using a factory. We can discuss options on Zoom.

[VakarisZ]

You mean that database initializer is constructed first and the key is initialized later? Or that we either load the key or create one?

[mssalvatore]

While we're here:

def test_create_new_password_file(tmp_path):
    initialize_datastore_encryptor(tmp_path)
    setup_datastore_key(ENCRYPTOR_SECRET)
    assert (tmp_path / DataStoreEncryptor._KEY_FILENAME).is_file()

[mssalvatore]

Suggested change

	def _credentials_match_registered_user(username: str, password: str):
	def _credentials_match_registered_user(username: str, password: str) -> bool:

[mssalvatore]

The file name should match the class name.

[mssalvatore]

Suggested change

	def test_key_removal(initialized_key_dir, monkeypatch):
	def test_key_removal(initialized_key_dir):

[mssalvatore]

We should add an encryption/decryption test.

[mssalvatore]

Factories are responsible for constructing objects. We should have factory.set_key_file_path() and factory.set_secret() and then call factory.construct_data_store_encryptor() or similar.

[VakarisZ]

Yes, this is not a factory, it's a class that handles initialization parameters for data store encryptor. I'm not sure what would be a better name, maybe DataStoreEncryptorInitializer? I don't see any benefits in making this an actual factory, since the output object will not be different depending on key file path and secret. What is more, the usage of such factory is less intuitive. The registration resource would have to factory.set_secret() then built_encryptor = factory.construct_data_store_encryptor() and finally set_encryptor(built_encryptor). Now it's only one call - initialize_datastore_encryptor(username, password).

[mssalvatore]

I think we can simplify this way down. I'm going to dig into it a bit.

[VakarisZ]

I'll try to refactor and see how it looks

[mssalvatore]

Prefer pathlib

[mssalvatore]

If the DataStoreEncryptor is a thin wrapper around KeyBasedEncryptor with no logic, I'd rather get_datastore_encryptor() return an IEncryptor and just return a concrete KeyBasedEncryptor. We can refactor everything to use encrypt() and decrypt() instead of enc() and dec(), which is better anyway.

[VakarisZ]

can't do from monkey_island.cc.server_utils.encryption import PasswordBasedBytesEncryptor because of circular imports. 🤔

[mssalvatore]

I think this iteration looks much better. I have some thoughts on cleaning this up a bit further, but if all of the automated and manual tests pass, let's merge it.