session.go

package jess

import (
	"errors"
	"fmt"
	"hash"
	"strings"

	"github.com/safing/jess/hashtools"
	"github.com/safing/jess/tools"
)

// Session holds session information for operations using the envelope it was initialized with.
type Session struct {
	envelope *Envelope

	DefaultSymmetricKeySize int
	SecurityLevel           int
	maxSecurityLevel        int
	toolRequirements        *Requirements

	// session over the wire
	wire *WireSession

	// instances

	all            []tools.ToolLogic
	toolsWithState []tools.ToolLogic

	kdf tools.ToolLogic

	passDerivator    tools.ToolLogic
	keyExchangers    []tools.ToolLogic
	keyEncapsulators []tools.ToolLogic

	integratedCiphers []tools.ToolLogic
	ciphers           []tools.ToolLogic

	managedMACHashers map[string]*managedHasher
	macs              []tools.ToolLogic

	managedSigningHashers map[string]*managedHasher
	signers               []tools.ToolLogic
}

type managedHasher struct {
	tool *hashtools.HashTool
	hash hash.Hash
}

// Sum returns the hash sum of the managed hasher.
func (sh *managedHasher) Sum() ([]byte, error) {
	if sh == nil || sh.hash == nil {
		return nil, errors.New("managed hasher is broken")
	}
	return sh.hash.Sum(nil), nil
}

func newSession(e *Envelope) (*Session, error) { //nolint:maintidx
	if e.suite == nil {
		return nil, errors.New("suite not loaded")
	}

	// create session
	s := &Session{
		envelope:         e,
		toolRequirements: newEmptyRequirements(),
	}

	// check envelope security level
	if e.SecurityLevel > 0 {
		err := s.checkSecurityLevel(e.SecurityLevel, func() string {
			return fmt.Sprintf(`envelope "%s"`, e.Name)
		})
		if err != nil {
			return nil, err
		}
	}
	// check suite security level
	err := s.checkSecurityLevel(e.suite.SecurityLevel, func() string {
		return fmt.Sprintf(`suite "%s"`, e.suite.ID)
	})
	if err != nil {
		return nil, err
	}

	// prepare variables
	var (
		keySourceAvailable    bool
		totalSignetsSeen      int
		requireSecurityLevel  bool
		requireDefaultKeySize bool
	)

	// tool init loop: start
	for i, toolID := range s.envelope.suite.Tools {

		// ====================================
		// tool init loop: check for duplicates
		// ====================================

		for j, dupeToolID := range s.envelope.suite.Tools {
			if i != j && toolID == dupeToolID {
				return nil, fmt.Errorf("cannot use tool %s twice, each tool may be only specified once", toolID)
			}
		}

		// ===================================
		// tool init loop: parse, prep and get
		// ===================================

		var (
			hashTool  *hashtools.HashTool
			hashSumFn func() ([]byte, error)
		)

		// parse ID for args
		var arg string
		if strings.Contains(toolID, "(") {
			splitted := strings.Split(toolID, "(")
			toolID = splitted[0]
			arg = strings.Trim(splitted[1], "()")
		}

		// get tool
		tool, err := tools.Get(toolID)
		if err != nil {
			return nil, fmt.Errorf("the specified tool %s could not be found", toolID)
		}

		// create logic instance and add to logic and state lists
		logic := tool.Factory()
		s.all = append(s.all, logic)
		if tool.Info.HasOption(tools.OptionHasState) {
			s.toolsWithState = append(s.toolsWithState, logic)
		}

		// ===========================================================
		// tool init loop: assign tools to queues and add requirements
		// ===========================================================

		switch tool.Info.Purpose {
		case tools.PurposeKeyDerivation:
			if s.kdf != nil {
				return nil, fmt.Errorf("cannot use %s, you may only specify one key derivation tool and %s was already specified", tool.Info.Name, s.kdf.Info().Name)
			}
			s.kdf = logic

		case tools.PurposePassDerivation:
			if s.passDerivator != nil {
				return nil, fmt.Errorf("cannot use %s, you may only specify one password derivation tool and %s was already specified", tool.Info.Name, s.passDerivator.Info().Name)
			}
			s.passDerivator = logic
			s.toolRequirements.Add(SenderAuthentication)
			s.toolRequirements.Add(RecipientAuthentication)

		case tools.PurposeKeyExchange:
			s.keyExchangers = append(s.keyExchangers, logic)
			s.toolRequirements.Add(RecipientAuthentication)

		case tools.PurposeKeyEncapsulation:
			s.keyEncapsulators = append(s.keyEncapsulators, logic)
			s.toolRequirements.Add(RecipientAuthentication)

		case tools.PurposeSigning:
			s.signers = append(s.signers, logic)
			s.toolRequirements.Add(Integrity)
			s.toolRequirements.Add(SenderAuthentication)

		case tools.PurposeIntegratedCipher:
			s.integratedCiphers = append(s.integratedCiphers, logic)
			s.toolRequirements.Add(Confidentiality)
			s.toolRequirements.Add(Integrity)

		case tools.PurposeCipher:
			s.ciphers = append(s.ciphers, logic)
			s.toolRequirements.Add(Confidentiality)

		case tools.PurposeMAC:
			s.macs = append(s.macs, logic)
			s.toolRequirements.Add(Integrity)
		}

		// ============================================
		// tool init loop: process options, get hashers
		// ============================================

		for _, option := range tool.Info.Options {
			switch option {

			case tools.OptionStreaming:
				// TODO: Implementation pending.

			case tools.OptionNeedsManagedHasher:
				// get managed hasher list
				var managedHashers map[string]*managedHasher
				switch tool.Info.Purpose {
				case tools.PurposeMAC:
					if s.managedMACHashers == nil {
						s.managedMACHashers = make(map[string]*managedHasher)
					}
					managedHashers = s.managedMACHashers
				case tools.PurposeSigning:
					if s.managedSigningHashers == nil {
						s.managedSigningHashers = make(map[string]*managedHasher)
					}
					managedHashers = s.managedSigningHashers
				default:
					return nil, fmt.Errorf("only MAC and Signing tools may use managed hashers")
				}

				// get or assign a new managed hasher
				mngdHasher, ok := managedHashers[arg]
				if !ok {
					// get hashtool
					ht, err := hashtools.Get(arg)
					if err != nil {
						return nil, fmt.Errorf("the specified hashtool for %s(%s) could not be found", toolID, arg)
					}

					// save to managed hashers
					mngdHasher = &managedHasher{
						tool: ht,
						hash: ht.New(),
					}
					managedHashers[arg] = mngdHasher
				}

				hashTool = mngdHasher.tool
				hashSumFn = mngdHasher.Sum

			case tools.OptionNeedsDedicatedHasher:
				hashTool, err = hashtools.Get(arg)
				if err != nil {
					return nil, fmt.Errorf("the specified hashtool for %s(%s) could not be found", toolID, arg)
				}

			case tools.OptionNeedsSecurityLevel:
				requireSecurityLevel = true

			case tools.OptionNeedsDefaultKeySize:
				requireDefaultKeySize = true
			}
		}

		// ===============================
		// tool init loop: initialize tool
		// ===============================

		// init tool
		logic.Init(
			tool,
			&Helper{
				session: s,
				info:    tool.Info,
			},
			hashTool,
			hashSumFn,
		)

		// ==============================================
		// tool init loop: calc and check security levels
		// ==============================================

		err = s.calcAndCheckSecurityLevel(logic, nil)
		if err != nil {
			return nil, err
		}

		// ==========================================
		// tool init loop: calculate default key size
		// ==========================================

		// find biggest key size for default
		if tool.Info.KeySize > s.DefaultSymmetricKeySize {
			s.DefaultSymmetricKeySize = tool.Info.KeySize
		}

	} // tool init loop: end

	// =======================================================
	// calc and check signet security levels, default key size
	// =======================================================

	for _, tool := range s.all {

		var err error
		var seen int

		// calc and check signet security levels
		switch tool.Info().Purpose {
		case tools.PurposePassDerivation:
			//nolint:scopelint // function is executed immediately within loop
			err = e.LoopSecrets(SignetSchemePassword, func(signet *Signet) error {
				seen++
				return s.calcAndCheckSecurityLevel(tool, signet)
			})
			keySourceAvailable = true

		case tools.PurposeKeyExchange,
			tools.PurposeKeyEncapsulation:
			//nolint:scopelint // function is executed immediately within loop
			err = e.LoopRecipients(tool.Info().Name, func(signet *Signet) error {
				seen++
				return s.calcAndCheckSecurityLevel(tool, signet)
			})
			keySourceAvailable = true

		case tools.PurposeSigning:
			//nolint:scopelint // function is executed immediately within loop
			err = e.LoopSenders(tool.Info().Name, func(signet *Signet) error {
				seen++
				return s.calcAndCheckSecurityLevel(tool, signet)
			})
			keySourceAvailable = true

		default:
			continue
		}

		// check error
		if err != nil {
			return nil, err
		}

		// check if anything is here
		if seen == 0 {
			return nil, fmt.Errorf("tool %s requires at least one signet", tool.Info().Name)
		}
		totalSignetsSeen += seen
	}

	// key signets
	err = e.LoopSecrets(SignetSchemeKey, func(signet *Signet) error {
		s.toolRequirements.Add(SenderAuthentication)
		s.toolRequirements.Add(RecipientAuthentication)

		totalSignetsSeen++
		keySourceAvailable = true
		return s.calcAndCheckSecurityLevel(nil, signet)
	})
	if err != nil {
		return nil, err
	}

	// ======================================================
	// check security level and default key size requirements
	// ======================================================

	// apply manual security level
	if minimumSecurityLevel > 0 && minimumSecurityLevel > s.SecurityLevel {
		s.SecurityLevel = minimumSecurityLevel
	}
	// apply manual key size
	if minimumSymmetricKeySize > 0 && minimumSymmetricKeySize > s.DefaultSymmetricKeySize {
		s.DefaultSymmetricKeySize = minimumSymmetricKeySize
	}

	// check security level requirement
	if requireSecurityLevel && s.SecurityLevel == 0 {
		return nil, fmt.Errorf("this toolset requires the security level to be set manually")
	}
	// check default key size requirement
	if requireDefaultKeySize && s.DefaultSymmetricKeySize == 0 {
		return nil, fmt.Errorf("this toolset requires the default key size to be set manually")
	}

	// ============
	// final checks
	// ============

	// check requirements
	if s.toolRequirements.Empty() {
		return nil, errors.New("envelope excludes all security requirements, no meaningful operation possible")
	}
	err = s.toolRequirements.CheckComplianceTo(s.envelope.suite.Provides)
	if err != nil {
		return nil, err
	}

	// check if we have recipient auth without confidentiality
	if s.toolRequirements.Has(RecipientAuthentication) &&
		!s.toolRequirements.Has(Confidentiality) {
		return nil, errors.New("having recipient authentication without confidentiality does not make sense")
	}

	// check if we have confidentiality without integrity
	if s.toolRequirements.Has(Confidentiality) &&
		!s.toolRequirements.Has(Integrity) {
		return nil, errors.New("having confidentiality without integrity does not make sense")
	}

	// check if we are missing a kdf, but need one
	if s.kdf == nil && len(s.signers) != len(s.envelope.suite.Tools) {
		return nil, errors.New("missing a key derivation tool")
	}

	// check if have a kdf, even if we don't need one
	if len(s.integratedCiphers) == 0 &&
		len(s.ciphers) == 0 &&
		len(s.macs) == 0 &&
		s.kdf != nil {
		return nil, errors.New("key derivation tool specified, but not needed")
	}

	// check if we have a key source
	if !keySourceAvailable &&
		(s.toolRequirements.Has(Integrity) || s.toolRequirements.Has(Confidentiality)) {
		return nil, errors.New("missing key source, please add a tool that provides a key or add a key signet directly")
	}

	// check if there are unused signets
	if len(s.envelope.Secrets)+
		len(s.envelope.Senders)+
		len(s.envelope.Recipients) > totalSignetsSeen {
		return nil, fmt.Errorf("detected signet or recipient in envelope that is not used by any tool")
	}

	// check session security level
	// while this should never result in an error (because every part was already checked separately) this is used as a precaution to catch errors in future code changes
	err = s.checkSecurityLevel(s.SecurityLevel, func() string {
		return "current session"
	})
	if err != nil {
		return nil, err
	}

	return s, nil
}

//nolint:gocognit
func (s *Session) calcAndCheckSecurityLevel(logic tools.ToolLogic, signet *Signet) error {
	// get signet scheme
	signetScheme := ""
	if signet != nil {
		signetScheme = signet.Scheme
	}

	var err error
	var calculatedSecurityLevel int

	switch {
	case signetScheme == SignetSchemeKey:
		calculatedSecurityLevel = len(signet.Key) * 8
	case signetScheme == SignetSchemePassword && signet != nil:
		// only check if present
		// existence check is done when opening/closing
		if len(signet.Key) > 0 {
			switch logic.Info().Name {
			case "SCRYPT-20":
				// TODO: integrate this into the tool interface
				calculatedSecurityLevel = CalculatePasswordSecurityLevel(string(signet.Key), 1<<20)
			case "PBKDF2-SHA2-256":
				// TODO: integrate this into the tool interface
				calculatedSecurityLevel = CalculatePasswordSecurityLevel(string(signet.Key), 20000)
			default:
				calculatedSecurityLevel = CalculatePasswordSecurityLevel(string(signet.Key), 1)
			}
			if calculatedSecurityLevel < 0 {
				return fmt.Errorf(`supplied password signet "%s" is exceptionally weak and should not be used`, signet.ID)
			}
		}
	default:
		// get tool security level
		if signet == nil {
			// nil interface hackery for inherited SecurityLevel() functions
			calculatedSecurityLevel, err = logic.SecurityLevel(nil)
		} else {
			calculatedSecurityLevel, err = logic.SecurityLevel(signet)
		}
		if err != nil {
			return err
		}
	}

	if calculatedSecurityLevel == 0 {
		// not applicable
		return nil
	}
	if calculatedSecurityLevel < 0 {
		// broken!
		if signet != nil {
			return fmt.Errorf(`supplied %s signet "%s" is considered broken and should not be used anymore`, signet.Scheme, signet.ID)
		}
		return fmt.Errorf(`tool %s is considered broken and should not be used anymore`, logic.Info().Name)
	}

	if signet != nil {
		// signet based security level checks
		err = s.checkSecurityLevel(calculatedSecurityLevel, func() string {
			return fmt.Sprintf(`supplied %s signet "%s"`, signet.Scheme, signet.ID)
		})
	} else {
		// tool based securty level checks
		err = s.checkSecurityLevel(calculatedSecurityLevel, func() string {
			return "tool %s" + logic.Info().Name
		})
	}
	if err != nil {
		return err
	}

	// adapt security level of session

	// lower session security level
	if s.SecurityLevel == 0 || calculatedSecurityLevel < s.SecurityLevel {
		s.SecurityLevel = calculatedSecurityLevel
	}
	// raise session max security level
	if calculatedSecurityLevel > s.maxSecurityLevel {
		s.maxSecurityLevel = calculatedSecurityLevel
	}

	return nil
}

func (s *Session) checkSecurityLevel(levelToCheck int, subject func() string) error {
	switch {
	case minimumSecurityLevel > 0:
		// check against minimumSecurityLevel
		// (overrides other checks)
		if levelToCheck < minimumSecurityLevel {
			return fmt.Errorf(
				`%s with a security level of %d is weaker than the desired security level of %d`,
				subject(),
				levelToCheck,
				minimumSecurityLevel,
			)
		}
	case s.envelope.SecurityLevel > 0:
		// check against envelope's minimum security level
		if levelToCheck < s.envelope.SecurityLevel {
			return fmt.Errorf(
				`%s with a security level of %d is weaker than the envelope's minimum security level of %d`,
				subject(),
				levelToCheck,
				s.envelope.SecurityLevel,
			)
		}
	case levelToCheck < defaultSecurityLevel:
		// check against default security level as fallback
		return fmt.Errorf(
			`%s with a security level of %d is weaker than the default minimum security level of %d`,
			subject(),
			levelToCheck,
			defaultSecurityLevel,
		)
	}

	return nil
}

// NonceSize returns the nonce size to use for new letters.
func (s *Session) NonceSize() int {
	size := s.maxSecurityLevel / 32
	if size < 4 {
		size = 4
	}

	return size
}