{-# LANGUAGE OverloadedStrings, BangPatterns #-} {- Copyright 2016 Joey Hess - - Licensed under the GNU AGPL version 3 or higher. -} module Main where import Types import Tunables import qualified CmdLine import UI import Encryption import Entropy import Benchmark import Tests import Cost import SecretKey import Share import Storage import BackupRecord import HTTP.Server import qualified Gpg import Data.Maybe import Data.Time.Clock import Data.Time.Calendar import Data.Monoid import Control.DeepSeq import qualified Data.ByteString as B import qualified Data.ByteString.UTF8 as BU8 import qualified Data.Set as S import System.Posix.User (userGecos, getUserEntryForID, getEffectiveUserID) main :: IO () main = do cmdline <- CmdLine.get ui <- selectUI (CmdLine.gui cmdline) let mkt = CmdLine.customizeShareParams cmdline (tunables, possibletunables) <- if CmdLine.testMode cmdline then do showInfo ui "Test mode" "Keysafe is running in test mode. This is not secure, and should not be used with real secret keys!" return (mkt testModeTunables, [mkt testModeTunables]) else return (mkt defaultTunables, map (mkt . snd) knownTunings) storagelocations <- if CmdLine.localstorage cmdline then pure $ localStorageLocations (CmdLine.localstoragedirectory cmdline) else allStorageLocations (CmdLine.localstoragedirectory cmdline) dispatch cmdline ui storagelocations tunables possibletunables dispatch :: CmdLine.CmdLine -> UI -> StorageLocations -> Tunables -> [Tunables] -> IO () dispatch cmdline ui storagelocations tunables possibletunables = do mode <- CmdLine.selectMode cmdline go mode (CmdLine.secretkeysource cmdline) where go CmdLine.Backup (Just secretkeysource) = backup cmdline storagelocations ui tunables secretkeysource =<< getSecretKey secretkeysource go CmdLine.Restore (Just secretkeydest) = restore cmdline storagelocations ui possibletunables secretkeydest go CmdLine.Backup Nothing = backup cmdline storagelocations ui tunables Gpg.anyKey =<< Gpg.getKeyToBackup ui go CmdLine.Restore Nothing = restore cmdline storagelocations ui possibletunables Gpg.anyKey go CmdLine.UploadQueued _ = do problems <- uploadQueued (CmdLine.localstoragedirectory cmdline) if null problems then return () else showError ui ("Problem uploading queued data to servers:\n\n" ++ unlines problems ++ "\n\nYour secret keys have not yet been backed up.") go (CmdLine.Server) _ = runServer (CmdLine.localstoragedirectory cmdline) (CmdLine.serverConfig cmdline) go (CmdLine.Chaff hn) _ = storeChaff hn (CmdLine.serverPort (CmdLine.serverConfig cmdline)) go CmdLine.Benchmark _ = benchmarkTunables tunables go CmdLine.Test _ = runTests backup :: CmdLine.CmdLine -> StorageLocations -> UI -> Tunables -> SecretKeySource -> SecretKey -> IO () backup cmdline storagelocations ui tunables secretkeysource secretkey = do username <- userName Name theirname <- case CmdLine.name cmdline of Just n -> pure n Nothing -> fromMaybe (error "Aborting on no username") <$> promptName ui "Enter your name" usernamedesc (Just username) validateName go theirname where go theirname = do cores <- fromMaybe 1 <$> getNumCores Name othername <- case CmdLine.name cmdline of Just n -> pure n Nothing -> fromMaybe (error "aborting on no othername") <$> promptName ui "Enter other name" othernamedesc Nothing validateName let name = Name (theirname <> " " <> othername) (kek, passwordentropy) <- promptpassword name let sis = shareIdents tunables name secretkeysource let cost = getCreationCost kek <> getCreationCost sis (r, queued, locs) <- withProgressIncremental ui "Encrypting and storing data" (encryptdesc cost cores) $ \addpercent -> do let esk = encrypt tunables kek secretkey shares <- genShares esk tunables _ <- esk `deepseq` addpercent 25 _ <- sis `seq` addpercent 25 let step = 50 `div` sum (map S.size shares) storeShares storagelocations sis shares (addpercent step) backuprecord <- mkBackupRecord (mapMaybe getServer locs) secretkeysource passwordentropy case r of StoreSuccess -> do storeBackupRecord backuprecord if queued then showInfo ui "Backup queued" "Some data was not sucessfully uploaded to servers, and has been queued for later upload. Run keysafe --uploadqueued at a later point to finish the backup." else showInfo ui "Backup success" "Your secret key was successfully encrypted and backed up." StoreFailure s -> showError ui ("There was a problem storing your encrypted secret key: " ++ s) StoreAlreadyExists -> do showError ui $ unlines [ "Another secret key is already being stored under the name you entered." , "Please try again with a different name." ] go theirname promptpassword name = do password <- fromMaybe (error "Aborting on no password") <$> promptPassword ui True "Enter password" passworddesc kek <- genKeyEncryptionKey tunables name password username <- userName let badwords = concatMap namewords [name, username] let passwordentropy = calcPasswordEntropy password badwords let crackcost = estimateAttackCost spotAWS $ estimateBruteforceOf kek passwordentropy let mincost = Dollars 100000 if crackcost < mincost then do showError ui $ "Weak password! It would cost only " ++ show crackcost ++ " to crack the password. Please think of a better one. More words would be good.." promptpassword name else do (thisyear, _, _) <- toGregorian . utctDay <$> getCurrentTime ok <- promptQuestion ui "Password strength estimate" (crackdesc crackcost thisyear) "Is your password strong enough?" if ok then return (kek, passwordentropy) else promptpassword name namewords (Name nb) = words (BU8.toString nb) keydesc = case secretkeysource of GpgKey _ -> "gpg secret key" KeyFile _ -> "secret key" usernamedesc = unlines [ "Keysafe is going to backup your " ++ keydesc ++ " securely." , "" , "You will be prompted for some information. To restore your " ++ keydesc , "at a later date, you will need to remember and enter the same information." , "" , "To get started, what is your name?" ] othernamedesc = unlines [ "Now think of another name, which not many people know." , "This will be used to make it hard for anyone else to find" , "the backup of your " ++ keydesc ++ "." , "" , "Some suggestions:" , "" , otherNameSuggestions , "" , "Make sure to pick a name you will remember later," , "when you restore your " ++ keydesc ++ "." ] passworddesc = unlines [ "Pick a password that will be used to protect your secret key." , "" , "It's very important that this password be hard to guess." , "" , "And, it needs to be one that you will be able to remember years from now" , "in order to restore your secret key." ] crackdesc crackcost thisyear = unlines $ "Rough estimate of the cost to crack your password: " : costOverTimeTable crackcost thisyear encryptdesc cost cores = unlines [ "This will probably take around " ++ showCostMinutes cores cost , "" , "(It's a feature that this takes a while; it makes it hard" , "for anyone to find your data, or crack your password.)" , "" , "Please wait..." ] otherNameSuggestions :: String otherNameSuggestions = unlines $ map (" * " ++) [ "Your high-school sweetheart." , "Your first pet." , "Your favorite teacher." , "Your college roomate." , "A place you like to visit." ] restore :: CmdLine.CmdLine -> StorageLocations -> UI -> [Tunables] -> SecretKeySource -> IO () restore cmdline storagelocations ui possibletunables secretkeydest = do cores <- fromMaybe 1 <$> getNumCores username <- userName Name theirname <- case CmdLine.name cmdline of Just n -> pure n Nothing -> fromMaybe (error "Aborting on no username") <$> promptName ui "Enter your name" namedesc (Just username) validateName Name othername <- case CmdLine.name cmdline of Just n -> pure n Nothing -> fromMaybe (error "aborting on no othername") <$> promptName ui "Enter other name" othernamedesc Nothing validateName let name = Name (theirname <> " " <> othername) password <- fromMaybe (error "Aborting on no password") <$> promptPassword ui True "Enter password" passworddesc let mksis tunables = shareIdents tunables name secretkeydest r <- downloadInitialShares storagelocations ui mksis possibletunables case r of Nothing -> showError ui "No shares could be downloaded. Perhaps you entered the wrong name?" Just (tunables, shares, sis) -> do let candidatekeys = candidateKeyEncryptionKeys tunables name password let cost = getCreationCost candidatekeys <> castCost (getDecryptionCost candidatekeys) case combineShares tunables [shares] of Left e -> showError ui e Right esk -> do final <- withProgress ui "Decrypting" (decryptdesc cost cores) $ \setpercent -> go tunables [shares] sis setpercent $ tryDecrypt candidatekeys esk final where go tunables firstshares sis setpercent r = case r of DecryptFailed -> return $ showError ui "Decryption failed! Probably you entered the wrong password." DecryptSuccess secretkey -> do _ <- setpercent 100 writeSecretKey secretkeydest secretkey return $ showInfo ui "Success" "Your secret key was successfully restored!" DecryptIncomplete kek -> do -- Download shares for another chunk. (nextshares, sis') <- retrieveShares storagelocations sis (return ()) let shares = firstshares ++ [nextshares] case combineShares tunables shares of Left e -> return $ showError ui e Right esk -> go tunables shares sis' setpercent $ decrypt kek esk namedesc = unlines [ "When you backed up your secret key, you entered some information." , "To restore it, you'll need to remember what you entered back then." , "" , "To get started, what is your name?" ] othernamedesc = unlines [ "What other name did you enter when you backed up your secret key?" , "" , "Back then, you were given some suggestions, like these:" , "" , otherNameSuggestions ] passworddesc = unlines [ "Enter the password to unlock your secret key." ] decryptdesc cost cores = unlines [ "This will probably take around " ++ showCostMinutes cores cost , "" , "(It's a feature that this takes so long; it prevents cracking your password.)" , "" , "Please wait..." ] -- | Try each possible tunable until the initial set of -- shares are found, and return the shares, and -- ShareIdents to download subsequent sets. downloadInitialShares :: StorageLocations -> UI -> (Tunables -> ShareIdents) -> [Tunables] -> IO (Maybe (Tunables, S.Set Share, ShareIdents)) downloadInitialShares storagelocations ui mksis possibletunables = do cores <- fromMaybe 1 <$> getNumCores withProgressIncremental ui "Downloading encrypted data" (message cores) $ \addpercent -> do go possibletunables addpercent where go [] _ = return Nothing go (tunables:othertunables) addpercent = do -- Just calculating the hash to generate the stream of idents -- probably takes most of the time. let !sis = mksis tunables addpercent 50 let m = totalObjects (shareParams tunables) let step = 50 `div` m (shares, sis') <- retrieveShares storagelocations sis (addpercent step) if S.null shares then go othertunables addpercent else return $ Just (tunables, shares, sis') possiblesis = map mksis possibletunables message cores = unlines [ "This will probably take around " ++ showCostMinutes cores (mconcat $ map getCreationCost possiblesis) , "" , "(It's a feature that this takes a while; it makes it hard" , "for anyone else to find your data.)" , "" , "Please wait..." ] validateName :: Name -> Maybe Problem validateName (Name n) | B.length n < 2 = Just "The name should be at least 2 letters long." | otherwise = Nothing userName :: IO Name userName = do u <- getUserEntryForID =<< getEffectiveUserID return $ Name $ BU8.fromString $ takeWhile (/= ',') (userGecos u)