Fixed the realm key derivation scheme. Password change support added.feature/password-changes

author: Ladar Levison <ladar@lavabit.com> 2018-07-18 09:24:30 +0300
committer: Ladar Levison <ladar@lavabit.com> 2018-07-18 09:24:30 +0300
commit: 84cf9d57a2b72d73461dd677ea9e15fcf6ff5cef (patch)
tree: c1ff97f8b75b5c7e37d1e744774762342158a88a /check
parent: b4ef1c2bedf53b5a57c0c9aa8990adcff6a4efa0 (diff)
5 files changed, 19 insertions, 23 deletions
diff --git a/check/magma/mail/load_check.c b/check/magma/mail/load_check.c
index 6999a829..f1a40994 100644
--- a/check/magma/mail/load_check.c
+++ b/check/magma/mail/load_check.c
@@ -37,7 +37,7 @@ bool_t check_mail_load_sthread(stringer_t *errmsg) {
 			result = false;
 		}
 
-		else if (meta_get(auth->usernum, auth->username, auth->keys.master, auth->tokens.verification,
+		else if (meta_get(auth->usernum, auth->username, auth->seasoning.salt, auth->keys.master, auth->tokens.verification,
 			META_PROTOCOL_IMAP, META_GET_KEYS | META_GET_ALIASES | META_GET_FOLDERS | META_GET_CONTACTS | META_GET_MESSAGES, &(user))) {
 			st_sprint(errmsg, "User meta login check failed. Get user metadata failure. { username =  %.*s / password = %.*s }",
 				st_length_int(usernames[i]), st_char_get(usernames[i]), st_length_int(passwords[i]), st_char_get(passwords[i]));
diff --git a/check/magma/mail/store_check.c b/check/magma/mail/store_check.c
index f618e37d..e5a9ca18 100644
--- a/check/magma/mail/store_check.c
+++ b/check/magma/mail/store_check.c
@@ -36,7 +36,7 @@ bool_t check_mail_store_plaintext_sthread(stringer_t *errmsg) {
 			result = false;
 		}
 
-		else if (meta_get(auth->usernum, auth->username, auth->keys.master, auth->tokens.verification,
+		else if (meta_get(auth->usernum, auth->username, auth->seasoning.salt, auth->keys.master, auth->tokens.verification,
 			META_PROTOCOL_IMAP, META_GET_KEYS | META_GET_ALIASES | META_GET_FOLDERS | META_GET_CONTACTS | META_GET_MESSAGES, &(user))) {
 			st_sprint(errmsg, "User meta login check failed. Get user metadata failure. { username =  %.*s / password = %.*s }",
 				st_length_int(usernames[i]), st_char_get(usernames[i]), st_length_int(passwords[i]), st_char_get(passwords[i]));
@@ -106,7 +106,7 @@ bool_t check_mail_store_encrypted_sthread(stringer_t *errmsg) {
 			result = false;
 		}
 
-		else if (meta_get(auth->usernum, auth->username, auth->keys.master, auth->tokens.verification,
+		else if (meta_get(auth->usernum, auth->username, auth->seasoning.salt, auth->keys.master, auth->tokens.verification,
 			META_PROTOCOL_IMAP, META_GET_KEYS | META_GET_ALIASES | META_GET_FOLDERS | META_GET_CONTACTS | META_GET_MESSAGES, &(user))) {
 			st_sprint(errmsg, "User meta login check failed. Get user metadata failure. { username =  %.*s / password = %.*s }",
 				st_length_int(usernames[i]), st_char_get(usernames[i]), st_length_int(passwords[i]), st_char_get(passwords[i]));
diff --git a/check/magma/prime/stacie_check.c b/check/magma/prime/stacie_check.c
index a1460d35..02b7b52c 100644
--- a/check/magma/prime/stacie_check.c
+++ b/check/magma/prime/stacie_check.c
@@ -93,7 +93,7 @@ bool_t check_stacie_simple(void) {
 	st_free(extracted);
 
 	// Calculate the symmetric key for the "mail" realm and check extracted cipher and vector key values.
-	if (!(combined_key = stacie_realm_key(master_key, NULLER("mail"), shard)) ||
+	if (!(combined_key = stacie_realm_key(master_key, NULLER("mail"), shard, shard)) ||
 			!(vector_key = stacie_realm_vector(combined_key)) || st_cmp_cs_eq(vector_key, realm_vector_key) ||
 			!(tag_key = stacie_realm_tag(combined_key)) || st_cmp_cs_eq(tag_key, realm_tag_key) ||
 			!(cipher_key = stacie_realm_cipher(combined_key)) || st_cmp_cs_eq(cipher_key, realm_cipher_key)) {
@@ -428,27 +428,27 @@ bool_t check_stacie_parameters(void) {
 		return false;
 	}
 
-	if ((res = stacie_realm_key(NULL, temp_st, temp_st64))) {
+	if ((res = stacie_realm_key(NULL, temp_st, temp_st64, temp_st64))) {
 		st_free(res);
 		return false;
 	}
 
-	if ((res = stacie_realm_key(temp_st, temp_st, temp_st64))) {
+	if ((res = stacie_realm_key(temp_st, temp_st, temp_st64, temp_st64))) {
 		st_free(res);
 		return false;
 	}
 
-	if ((res = stacie_realm_key(temp_st64, NULL, temp_st64))) {
+	if ((res = stacie_realm_key(temp_st64, NULL, temp_st64, temp_st64))) {
 		st_free(res);
 		return false;
 	}
 
-	if ((res = stacie_realm_key(temp_st64, temp_st, NULL))) {
+	if ((res = stacie_realm_key(temp_st64, temp_st, NULL, NULL))) {
 		st_free(res);
 		return false;
 	}
 
-	if ((res = stacie_realm_key(temp_st64, temp_st, temp_st))) {
+	if ((res = stacie_realm_key(temp_st64, temp_st, temp_st, temp_st))) {
 		st_free(res);
 		return false;
 	}
diff --git a/check/magma/providers/provide_check.c b/check/magma/providers/provide_check.c
index 9f52e5bd..39e345ab 100644
--- a/check/magma/providers/provide_check.c
+++ b/check/magma/providers/provide_check.c
@@ -503,9 +503,8 @@ START_TEST (check_virus_s) {
 	bool_t result = true;
 	stringer_t *errmsg = MANAGEDBUF(1024);
 
-	if (status() && magma.iface.virus.available) {
-		result = check_virus_sthread(errmsg);
-	}
+	// If the anti-virus engine is disabled we skip this tests.
+	if (status() && magma.iface.virus.available) result = check_virus_sthread(errmsg);
 
 	log_test("CHECKERS / VIRUS / SINGLE THREADED:", (magma.iface.virus.available ? errmsg : NULLER("SKIPPED")));
 	ck_assert_msg(result, st_char_get(errmsg));
@@ -552,14 +551,11 @@ START_TEST (check_dkim_s) {
 	bool_t result = true;
 	stringer_t *errmsg = MANAGEDBUF(1024);
 
-	// If the DKIM engine isn't enabled, then we'll skip the unit test.
-	if (!(result = magma.dkim.enabled)) st_sprint(errmsg, "SKIPPED");
-
-	// Otherwise, we'll perform the checks... unless the status variable indicates we shouldn't.
-	if (status() && result) result = check_dkim_sign_sthread(errmsg);
-	if (status() && result) result = check_dkim_verify_sthread(errmsg);
+	// If the DKIM engine is disabled we skip these tests.
+	if (status() && magma.dkim.enabled) result = check_dkim_sign_sthread(errmsg);
+	if (status() && magma.dkim.enabled && result) result = check_dkim_verify_sthread(errmsg);
 
-	log_test("CHECKERS / DKIM / SINGLE THREADED:", errmsg);
+	log_test("CHECKERS / DKIM / SINGLE THREADED:", (magma.dkim.enabled ? errmsg : NULLER("SKIPPED")));
 	ck_assert_msg(result, st_char_get(errmsg));
 
 }
diff --git a/check/magma/users/users_check.c b/check/magma/users/users_check.c
index 37f04849..91b8d62f 100644
--- a/check/magma/users/users_check.c
+++ b/check/magma/users/users_check.c
@@ -85,14 +85,14 @@ START_TEST (check_users_meta_valid_s) {
 			result = false;
 		}
 
-		else if ((meta_get(auth->usernum, auth->username, auth->keys.master, auth->tokens.verification,
+		else if ((meta_get(auth->usernum, auth->username, auth->seasoning.salt, auth->keys.master, auth->tokens.verification,
 			META_PROTOCOL_POP, META_GET_MESSAGES | META_GET_KEYS, &(pop)))) {
 			st_sprint(errmsg, "User meta login check failed. Get user metadata failure. { username =  %.*s / password = %.*s }",
 				st_length_int(usernames[i]), st_char_get(usernames[i]), st_length_int(passwords[i]), st_char_get(passwords[i]));
 			result = false;
 		}
 
-		else if ((meta_get(auth->usernum, auth->username, auth->keys.master, auth->tokens.verification,
+		else if ((meta_get(auth->usernum, auth->username, auth->seasoning.salt, auth->keys.master, auth->tokens.verification,
 			META_PROTOCOL_IMAP, META_GET_KEYS | META_GET_FOLDERS | META_GET_CONTACTS | META_GET_MESSAGES, &(imap)))) {
 			st_sprint(errmsg, "User meta login check failed. Get user metadata failure. { username =  %.*s / password = %.*s }",
 				st_length_int(usernames[i]), st_char_get(usernames[i]), st_length_int(passwords[i]), st_char_get(passwords[i]));
@@ -141,14 +141,14 @@ START_TEST (check_users_meta_invalid_s) {
 		}
 
 		// The verification token is XOR'ed with the master key, which should result in a failure.
-		if (auth && !(meta_get(auth->usernum, auth->username, st_xor(auth->keys.master, auth->tokens.verification, MANAGEDBUF(64)),
+		if (auth && !(meta_get(auth->usernum, auth->username, auth->seasoning.salt, st_xor(auth->keys.master, auth->tokens.verification, MANAGEDBUF(64)),
 			auth->tokens.verification, META_PROTOCOL_POP, META_GET_MESSAGES | META_GET_KEYS, &(user)))) {
 			st_sprint(errmsg, "User meta login check failed. Get user metadata failure. { username =  %.*s / password = %.*s }",
 				st_length_int(usernames[i]), st_char_get(usernames[i]), st_length_int(passwords[i]), st_char_get(passwords[i]));
 			result = false;
 		}
 
-		else if (!(meta_get(auth->usernum, auth->username, auth->keys.master, st_xor(auth->keys.master, auth->tokens.verification,
+		else if (!(meta_get(auth->usernum, auth->username, auth->seasoning.salt, auth->keys.master, st_xor(auth->keys.master, auth->tokens.verification,
 			MANAGEDBUF(64)), META_PROTOCOL_POP, META_GET_MESSAGES | META_GET_KEYS, &(user)))) {
 			st_sprint(errmsg, "User meta login check failed. Get user metadata failure. { username =  %.*s / password = %.*s }",
 				st_length_int(usernames[i]), st_char_get(usernames[i]), st_length_int(passwords[i]), st_char_get(passwords[i]));
author	Ladar Levison <ladar@lavabit.com>	2018-07-18 09:24:30 +0300
committer	Ladar Levison <ladar@lavabit.com>	2018-07-18 09:24:30 +0300
commit	84cf9d57a2b72d73461dd677ea9e15fcf6ff5cef (patch)
tree	c1ff97f8b75b5c7e37d1e744774762342158a88a /check
parent	b4ef1c2bedf53b5a57c0c9aa8990adcff6a4efa0 (diff)