From 496ebf2a47b9f2f5652fa66cb41dacbde8eb4243 Mon Sep 17 00:00:00 2001
From: Scott Nonnenberg <scott@signal.org>
Date: Thu, 16 Aug 2018 10:07:38 -0700
Subject: [PATCH] Store SQLCipher decryption key in separate file

First, we write the key a whole lot less. We write it on creation, then
never again.

Second, it's in a file we control very closely. Instead of blindly
regenerating the key if the target file generates an error on read,
we block startup unless the error is 'ENOENT' - the file isn't there
at all.

This still allows for the key.txt file to be deleted or corrupted
somehow, but it should be a lot less common than the high-traffic
config.json used for window location and media permissions.
---
 app/key_management.js | 62 +++++++++++++++++++++++++++++++++++++++++++
 app/sql_channel.js    |  9 +++----
 main.js               | 61 +++++++++++++++++++-----------------------
 3 files changed, 93 insertions(+), 39 deletions(-)
 create mode 100644 app/key_management.js

diff --git a/app/key_management.js b/app/key_management.js
new file mode 100644
index 000000000..83a471f34
--- /dev/null
+++ b/app/key_management.js
@@ -0,0 +1,62 @@
+const fs = require('fs');
+const path = require('path');
+const crypto = require('crypto');
+
+const { app } = require('electron');
+
+const ENCODING = 'utf8';
+const userDataPath = app.getPath('userData');
+const targetPath = path.join(userDataPath, 'key.txt');
+
+module.exports = {
+  get,
+  set,
+  initialize,
+  remove,
+};
+
+function get() {
+  try {
+    const key = fs.readFileSync(targetPath, ENCODING);
+    console.log('key/get: Successfully read key file');
+    return key;
+  } catch (error) {
+    if (error.code === 'ENOENT') {
+      console.log('key/get: Could not find key file, returning null');
+      return null;
+    }
+
+    throw error;
+  }
+}
+
+function set(key) {
+  console.log('key/set: Saving key to disk');
+  fs.writeFileSync(targetPath, key, ENCODING);
+}
+
+function remove() {
+  console.log('key/remove: Deleting key from disk');
+  fs.unlinkSync(targetPath);
+}
+
+function initialize({ userConfig }) {
+  const keyFromConfig = userConfig.get('key');
+  const keyFromStore = get();
+
+  let key = keyFromStore || keyFromConfig;
+  if (!key) {
+    console.log(
+      'key/initialize: Generating new encryption key, since we did not find it on disk'
+    );
+    // https://www.zetetic.net/sqlcipher/sqlcipher-api/#key
+    key = crypto.randomBytes(32).toString('hex');
+    set(key);
+  } else if (keyFromConfig) {
+    set(key);
+    console.log('key/initialize: Removing key from config.json');
+    userConfig.delete('key');
+  }
+
+  return key;
+}
diff --git a/app/sql_channel.js b/app/sql_channel.js
index c375b222c..46d74c31b 100644
--- a/app/sql_channel.js
+++ b/app/sql_channel.js
@@ -1,5 +1,6 @@
 const electron = require('electron');
 const sql = require('./sql');
+const { remove } = require('./key_management');
 
 const { ipcMain } = electron;
 
@@ -12,16 +13,12 @@ let initialized = false;
 const SQL_CHANNEL_KEY = 'sql-channel';
 const ERASE_SQL_KEY = 'erase-sql-key';
 
-function initialize({ userConfig }) {
+function initialize() {
   if (initialized) {
     throw new Error('sqlChannels: already initialized!');
   }
   initialized = true;
 
-  if (!userConfig) {
-    throw new Error('initialize: userConfig is required!');
-  }
-
   ipcMain.on(SQL_CHANNEL_KEY, async (event, jobId, callName, ...args) => {
     try {
       const fn = sql[callName];
@@ -44,7 +41,7 @@ function initialize({ userConfig }) {
 
   ipcMain.on(ERASE_SQL_KEY, async event => {
     try {
-      userConfig.set('key', null);
+      remove();
       event.sender.send(`${ERASE_SQL_KEY}-done`);
     } catch (error) {
       const errorForDisplay = error && error.stack ? error.stack : error;
diff --git a/main.js b/main.js
index 763798dbe..53269fbb1 100644
--- a/main.js
+++ b/main.js
@@ -4,14 +4,17 @@ const path = require('path');
 const url = require('url');
 const os = require('os');
 const fs = require('fs');
-const crypto = require('crypto');
 
 const _ = require('lodash');
 const pify = require('pify');
 const electron = require('electron');
 
-const getRealPath = pify(fs.realpath);
+const packageJson = require('./package.json');
+const GlobalErrors = require('./app/global_errors');
 
+GlobalErrors.addHandler();
+
+const getRealPath = pify(fs.realpath);
 const {
   app,
   BrowserWindow,
@@ -22,26 +25,6 @@ const {
   shell,
 } = electron;
 
-const packageJson = require('./package.json');
-
-const sql = require('./app/sql');
-const sqlChannels = require('./app/sql_channel');
-const attachments = require('./app/attachments');
-const attachmentChannel = require('./app/attachment_channel');
-const autoUpdate = require('./app/auto_update');
-const createTrayIcon = require('./app/tray_icon');
-const GlobalErrors = require('./app/global_errors');
-const logging = require('./app/logging');
-const windowState = require('./app/window_state');
-const { createTemplate } = require('./app/menu');
-const {
-  installFileHandler,
-  installWebHandler,
-} = require('./app/protocol_filter');
-const { installPermissionsHandler } = require('./app/permissions');
-
-GlobalErrors.addHandler();
-
 const appUserModelId = `org.whispersystems.${packageJson.name}`;
 console.log('Set Windows Application User Model ID (AUMID)', {
   appUserModelId,
@@ -64,14 +47,32 @@ const usingTrayIcon =
 
 const config = require('./app/config');
 
+// Very important to put before the single instance check, since it is based on the
+//   userData directory.
+const userConfig = require('./app/user_config');
+
 const importMode =
   process.argv.some(arg => arg === '--import') || config.get('import');
 
 const development = config.environment === 'development';
 
-// Very important to put before the single instance check, since it is based on the
-//   userData directory.
-const userConfig = require('./app/user_config');
+// We generally want to pull in our own modules after this point, after the user
+//   data directory has been set.
+const attachments = require('./app/attachments');
+const attachmentChannel = require('./app/attachment_channel');
+const autoUpdate = require('./app/auto_update');
+const createTrayIcon = require('./app/tray_icon');
+const keyManagement = require('./app/key_management');
+const logging = require('./app/logging');
+const sql = require('./app/sql');
+const sqlChannels = require('./app/sql_channel');
+const windowState = require('./app/window_state');
+const { createTemplate } = require('./app/menu');
+const {
+  installFileHandler,
+  installWebHandler,
+} = require('./app/protocol_filter');
+const { installPermissionsHandler } = require('./app/permissions');
 
 function showWindow() {
   if (!mainWindow) {
@@ -618,15 +619,9 @@ app.on('ready', async () => {
     locale = loadLocale({ appLocale, logger });
   }
 
-  let key = userConfig.get('key');
-  if (!key) {
-    // https://www.zetetic.net/sqlcipher/sqlcipher-api/#key
-    key = crypto.randomBytes(32).toString('hex');
-    userConfig.set('key', key);
-  }
-
+  const key = keyManagement.initialize({ userConfig });
   await sql.initialize({ configDir: userDataPath, key });
-  await sqlChannels.initialize({ userConfig });
+  await sqlChannels.initialize();
 
   async function cleanupOrphanedAttachments() {
     const allAttachments = await attachments.getAllAttachments(userDataPath);