Merge pull request #138 from ubclaunchpad/133-secure-private-key-storage

133 secure private key storage
ubclaunchpad · Jan 5, 2018 · c281f18 · c281f18
2 parents a5445a0 + 2cb737c
commit c281f18
Show file tree

Hide file tree

Showing 3 changed files with 77 additions and 10 deletions.
diff --git a/app/console.go b/app/console.go
@@ -134,36 +134,60 @@ func cryptoWallet(ctx *ishell.Context, app *App) {
 		if app.CurrentUser.CryptoWallet {
 			ctx.Print("CryptoWallet is already enabled")
 		} else {
-			ctx.Print("Please enter password: ")
+			ctx.Print("Enter password: ")
 			password := ctx.ReadPassword()
+
+			// Verify password complexity
+			if !VerifyPasswordComplexity(password) {
+				ctx.Println("Invalid password length (min 8 chars)")
+				ctx.Print("Re-enter password: ")
+				password = ctx.ReadPassword()
+			}
+			if !VerifyPasswordComplexity(password) {
+				ctx.Println("Invalid password length, unable to encrypt private key")
+				break
+			}
+
+			// Confirm password
+			ctx.Print("Confirm password: ")
+			password2 := ctx.ReadPassword()
+			if password != password2 {
+				ctx.Println("Passwords do not match")
+				ctx.Print("Confirm password: ")
+				password2 = ctx.ReadPassword()
+			}
+			if password != password2 {
+				ctx.Println("Passwords do not match, unable to encrypt private key")
+				break
+			}
+
 			err := encryptUser(ctx, app, password)
 			if err != nil {
-				ctx.Print("Unable to decrypt private key")
+				ctx.Println("Unable to encrypt private key")
 			} else {
-				ctx.Print("Successfully enabled cryptowallet")
+				ctx.Println("Successfully enabled cryptowallet")
 			}
 		}
 	case "disable":
 		if !app.CurrentUser.CryptoWallet {
 			ctx.Print("CryptoWallet is already disabled")
 			return
 		}
-		ctx.Print("Please enter password: ")
+		ctx.Print("Enter password: ")
 		password := ctx.ReadPassword()
 		err := decryptUser(ctx, app, password)
 
 		// Invalid password, try again
 		if InvalidPassword(err) {
-			ctx.Print("Inavalid password, please try again: ")
+			ctx.Print("Inavalid password, try again: ")
 			password = ctx.ReadPassword()
 			err = decryptUser(ctx, app, password)
 		}
 		if err != nil {
 			ctx.Println("Unable to decrypt private key")
-			return
+		} else {
+			ctx.Print("Successfully disabled cryptowallet")
 		}
-		ctx.Print("Successfully disabled cryptowallet")
-		return
 	case "status":
 		var s string
 		if app.CurrentUser.CryptoWallet {
@@ -200,13 +224,13 @@ func send(ctx *ishell.Context, app *App) {
 	cryptoWallet := false
 	password := ""
 	if app.CurrentUser.CryptoWallet {
-		ctx.Print("Please enter cryptowallet password: ")
+		ctx.Print("Enter cryptowallet password: ")
 		password = ctx.ReadPassword()
 		err = app.CurrentUser.DecryptPrivateKey(password)
 
 		// Invalid password, try again
 		if InvalidPassword(err) {
-			ctx.Print("Inavalid password, please try again: ")
+			ctx.Print("Inavalid password, try again: ")
 			password = ctx.ReadPassword()
 			err = app.CurrentUser.DecryptPrivateKey(password)
 		}

diff --git a/app/crypto.go b/app/crypto.go
@@ -14,11 +14,20 @@ import (
 https://golang.org/src/crypto/cipher/example_test.go
 */
 
+// Encryption utility constants
 const (
 	nonceSize = 12
 	saltSize  = 16
 )
 
+// Password complexity constants
+const (
+	// minPasswordLen represents the min password length in characters
+	minPasswordLen = 10
+	// maxPasswordLen = 128 represents the max password length in characters
+	maxPasswordLen = 128
+)
+
 // Encrypt encrypts cipherText with a given password
 func Encrypt(plainText []byte, password string) ([]byte, error) {
 
@@ -89,6 +98,11 @@ func Decrypt(cipherText []byte, password string) ([]byte, error) {
 	return plainText, nil
 }
 
+// VerifyPasswordComplexity verifies password complexity
+func VerifyPasswordComplexity(password string) bool {
+	return (len(password) >= minPasswordLen) && (len(password) <= maxPasswordLen)
+}
+
 // InvalidPassword is returned from Decrypt if an invalid password is used to
 // decrypt the ciphertext
 func InvalidPassword(err error) bool {

diff --git a/app/crypto_test.go b/app/crypto_test.go
@@ -27,3 +27,32 @@ func TestInvalidPassword(t *testing.T) {
 		t.Fail()
 	}
 }
+
+func TestPasswordComplexity(t *testing.T) {
+	test := "12345679"
+	if app.VerifyPasswordComplexity(test) {
+		t.Fail()
+	}
+
+	test = "12345678910"
+	if !app.VerifyPasswordComplexity(test) {
+		t.Fail()
+	}
+
+	test = ""
+	for i := 0; i < 128; i++ {
+		test += "1"
+	}
+	if !app.VerifyPasswordComplexity(test) {
+		t.Fail()
+	}
+
+	// Test 128 character length
+	test = ""
+	for i := 0; i < 129; i++ {
+		test += "1"
+	}
+	if app.VerifyPasswordComplexity(test) {
+		t.Fail()
+	}
+}