Initial work on using session-based master key ciphers

2024-05-10 07:54:54 +00:00 · 2017-02-02 21:26:51 -05:00
parent 2408d78f47
commit cf66f67fb6
2 changed files with 59 additions and 40 deletions
--- a/netbox/secrets/api/views.py
+++ b/netbox/secrets/api/views.py
@ -1,5 +1,7 @@
 import base64
+from Crypto.Cipher import XOR
 from Crypto.PublicKey import RSA
+import os

 from django.http import HttpResponseBadRequest

@ -20,6 +22,7 @@ from . import serializers

 ERR_USERKEY_MISSING = "No UserKey found for the current user."
 ERR_USERKEY_INACTIVE = "UserKey has not been activated for decryption."
+ERR_PRIVKEY_MISSING = "Private key was not provided."
 ERR_PRIVKEY_INVALID = "Invalid private key."


@ -38,7 +41,6 @@ class SecretRoleViewSet(ModelViewSet):
 #

 # TODO: Need to implement custom create() and update() methods to handle secret encryption.
-# TODO: Figure out a better way of transmitting the private key
 class SecretViewSet(WritableSerializerMixin, ModelViewSet):
    queryset = Secret.objects.select_related(
        'device__primary_ip4', 'device__primary_ip6', 'role',
@ -54,58 +56,33 @@ class SecretViewSet(WritableSerializerMixin, ModelViewSet):
    authentication_classes = [BasicAuthentication, SessionAuthentication]
    permission_classes = [IsAuthenticated]

-    # The user's private key must be sent as a header (X-Private-Key). To overcome limitations around sending line
-    # breaks in a header field, the key must be base64-encoded and stripped of all whitespace. This is a temporary
-    # kludge until a more elegant approach can be devised.
-    def _get_private_key(self, request):
-        private_key_b64 = request.META.get('HTTP_X_PRIVATE_KEY', None)
-        if private_key_b64 is None:
+    def _get_master_key(self, request):
+        cached_key = request.session.get('cached_key', None)
+        session_key = request.COOKIES.get('session_key', None)
+        if cached_key is None or session_key is None:
            return None
-        # TODO: Handle invalid encoding
-        return base64.b64decode(private_key_b64)
+
+        cached_key = base64.b64decode(cached_key)
+        session_key = base64.b64decode(session_key)
+
+        xor = XOR.new(session_key)
+        master_key = xor.encrypt(cached_key)
+        return master_key

    def retrieve(self, request, *args, **kwargs):
-        private_key = self._get_private_key(request)
+        master_key = self._get_master_key(request)
        secret = self.get_object()

-        # Attempt to unlock the Secret if a private key was provided
-        if private_key is not None:
-
-            try:
-                user_key = UserKey.objects.get(user=request.user)
-            except UserKey.DoesNotExist:
-                return HttpResponseBadRequest(ERR_USERKEY_MISSING)
-            if not user_key.is_active():
-                return HttpResponseBadRequest(ERR_USERKEY_INACTIVE)
-
-            master_key = user_key.get_master_key(private_key)
-            if master_key is None:
-                return HttpResponseBadRequest(ERR_PRIVKEY_INVALID)
-
+        if master_key is not None:
            secret.decrypt(master_key)

        serializer = self.get_serializer(secret)
        return Response(serializer.data)

    def list(self, request, *args, **kwargs):
-        private_key = self._get_private_key(request)
+        master_key = self._get_master_key(request)
        queryset = self.filter_queryset(self.get_queryset())

-        # Attempt to unlock the Secrets if a private key was provided
-        master_key = None
-        if private_key is not None:
-
-            try:
-                user_key = UserKey.objects.get(user=request.user)
-            except UserKey.DoesNotExist:
-                return HttpResponseBadRequest(ERR_USERKEY_MISSING)
-            if not user_key.is_active():
-                return HttpResponseBadRequest(ERR_USERKEY_INACTIVE)
-
-            master_key = user_key.get_master_key(private_key)
-            if master_key is None:
-                return HttpResponseBadRequest(ERR_PRIVKEY_INVALID)
-
        # Pagination
        page = self.paginate_queryset(queryset)
        if page is not None:
@ -145,3 +122,44 @@ class RSAKeyGeneratorView(APIView):
            'private_key': private_key,
            'public_key': public_key,
        })
+
+
+class GetSessionKey(APIView):
+    """
+    Cache an encrypted copy of the master key derived from the submitted private key.
+    """
+    permission_classes = [IsAuthenticated]
+
+    def post(self, request):
+
+        # Read private key
+        private_key = request.POST.get('private_key', None)
+        if private_key is None:
+            return HttpResponseBadRequest(ERR_PRIVKEY_MISSING)
+
+        # Validate user key
+        try:
+            user_key = UserKey.objects.get(user=request.user)
+        except UserKey.DoesNotExist:
+            return HttpResponseBadRequest(ERR_USERKEY_MISSING)
+        if not user_key.is_active():
+            return HttpResponseBadRequest(ERR_USERKEY_INACTIVE)
+
+        # Validate private key
+        master_key = user_key.get_master_key(private_key)
+        if master_key is None:
+            return HttpResponseBadRequest(ERR_PRIVKEY_INVALID)
+
+        # Generate a random 256-bit encryption key
+        session_key = os.urandom(32)
+        xor = XOR.new(session_key)
+        cached_key = xor.encrypt(master_key)
+
+        # Save XORed copy of the master key
+        request.session['cached_key'] = base64.b64encode(cached_key)
+
+        response = Response({
+            'session_key': base64.b64encode(session_key),
+        })
+        response.set_cookie('session_key', base64.b64encode(session_key))
+        return response