Derive the database key from the password.

Author: artob

Cargo.lock

@@ -34,6 +34,9 @@ clientele = { version = "0.3.8", default-features = false, features = [
     "clap",
     "std",
 ], optional = true }
+hex = "0.4"
+libaes = "0.7"
+pbkdf2 = "0.12"
 rusqlite = { version = "0.37", default-features = true, features = [
     "bundled-sqlcipher-vendored-openssl",
     "jiff",
@@ -43,6 +46,7 @@ serde_json = { version = "1", default-features = false, features = [
     "alloc",
     "preserve_order",
 ] }
+sha1 = "0.10"
 
 [profile.release]
 opt-level = "z"

Cargo.toml

@@ -36,13 +36,36 @@ asimov-signal-reader
 
 ## ⚙ Configuration
 
+Signal Desktop stores data in an encrypted [SQLCipher] database. The encryption
+key for this database is stored in a `config.json` file in Signal's application
+data directory, and that key is itself encrypted using an encryption password
+stored in the (platform-specific) system keychain.
+
+This module can be configured to decrypt the Signal database using either the
+encryption password or the encryption key. (You don't need both, just one.)
+
+### Encryption Password
+
+The simplest way to configure the module is to set the `ASIMOV_SIGNAL_PASSWORD`
+environment variable to the encryption password stored in the system keychain:
+
+```bash
+# macOS
+export ASIMOV_SIGNAL_PASSWORD=$(security find-generic-password -a "Signal Key" -s "Signal Safe Storage" -w)
+```
+
 ### Encryption Key
 
+Alternatively, for advanced users, you could set the `ASIMOV_SIGNAL_KEY`
+environment variable to the actual decrypted value of `encryptedKey` found in
+the `config.json` file:
+
 ```bash
 export ASIMOV_SIGNAL_KEY=feedc0dedecafbadcafebabecafed00dfeedc0dedecafbadcafebabecafed00d
 ```
 
-The key must be 64 hexadecimal characters, meaning 32 bytes (256 bits).
+This key must be 64 hexadecimal characters, meaning 32 bytes (256 bits).
+Deriving this key manually is well beyond the scope of these instructions.
 
 ## 📚 Reference
 
@@ -90,3 +113,5 @@ git clone https://github.com/asimov-modules/asimov-signal-module.git
 [RDF]: https://www.w3.org/TR/rdf12-primer/
 [Rust]: https://rust-lang.org
 [Signal]: https://signal.org
+[Signal Desktop]: https://github.com/signalapp/Signal-Desktop
+[SQLCipher]: https://www.zetetic.net/sqlcipher/

README.md

@@ -1,7 +1,7 @@
 // This is free and unencumbered software released into the public domain.
 
-use alloc::string::String;
-use asimov_module::secrecy::SecretString;
+use super::SecretKey;
+use alloc::{boxed::Box, string::String};
 use serde_json::{Map, Value};
 
 #[derive(Debug)]
@@ -35,9 +35,21 @@ impl SignalConfig {
         }
     }
 
-    pub fn encrypted_key(&self) -> Option<SecretString> {
-        self.json
-            .get("encryptedKey")
-            .and_then(|x| x.as_str().map(SecretString::from))
+    pub fn key(&self) -> Option<SecretKey> {
+        let Some(key_str) = self.json.get("key").and_then(|x| x.as_str()) else {
+            return None;
+        };
+        hex::decode(key_str)
+            .ok()
+            .map(|key_data| SecretKey::new(Box::new(key_data)))
+    }
+
+    pub fn encrypted_key(&self) -> Option<SecretKey> {
+        let Some(key_str) = self.json.get("encryptedKey").and_then(|x| x.as_str()) else {
+            return None;
+        };
+        hex::decode(key_str)
+            .ok()
+            .map(|key_data| SecretKey::new(Box::new(key_data)))
     }
 }

src/config.rs

@@ -1,7 +1,8 @@
 // This is free and unencumbered software released into the public domain.
 
+use super::SecretKey;
 use alloc::format;
-use asimov_module::secrecy::{ExposeSecret, SecretString};
+use asimov_module::secrecy::ExposeSecret;
 use rusqlite::{Connection, Result};
 
 #[derive(Debug)]
@@ -23,9 +24,10 @@ impl SignalDb {
         Ok(Self { conn })
     }
 
-    pub fn decrypt(&self, key: SecretString) -> Result<()> {
+    pub fn decrypt(&self, key: SecretKey) -> Result<()> {
+        let ascii_key = hex::encode(key.expose_secret());
         self.conn
-            .pragma_update(None, "key", format!("x'{}'", key.expose_secret()))
+            .pragma_update(None, "key", format!("x'{}'", ascii_key))
     }
 
     pub fn is_readable(&self) -> bool {

src/db.rs

@@ -0,0 +1,38 @@
+// This is free and unencumbered software released into the public domain.
+
+use super::SecretKey;
+use alloc::boxed::Box;
+use asimov_module::secrecy::ExposeSecret;
+use libaes::Cipher;
+use pbkdf2::pbkdf2_hmac;
+use sha1::Sha1;
+
+const SALT: &[u8] = b"saltysalt";
+const ROUNDS: u32 = 1003;
+
+pub fn decrypt_key(password: SecretKey, encrypted_key: &[u8]) -> Result<SecretKey, ()> {
+    match encrypted_key.strip_prefix(b"v10") {
+        Some(encrypted_key) => decrypt_key_v10(password, encrypted_key),
+        None => Err(()),
+    }
+}
+
+pub fn decrypt_key_v10(password: SecretKey, encrypted_key: &[u8]) -> Result<SecretKey, ()> {
+    // Derive the key using PBKDF2:
+    let mut kek = [0u8; 16];
+    pbkdf2_hmac::<Sha1>(password.expose_secret(), SALT, ROUNDS, &mut kek);
+
+    let cipher = Cipher::new_128(&kek);
+
+    let iv = [' ' as u8; 16];
+    let decrypted_key = cipher.cbc_decrypt(&iv, encrypted_key);
+
+    // The decrypted key is a 64-character hex string:
+    assert_eq!(decrypted_key.len(), 64);
+
+    // FIXME: decode into a 32-byte byte array:
+    let ascii_key = std::str::from_utf8(&decrypted_key).unwrap();
+    let decrypted_key = hex::decode(ascii_key).unwrap();
+
+    Ok(SecretKey::new(Box::new(decrypted_key)))
+}

src/decrypt.rs

@@ -1,6 +1,7 @@
 // This is free and unencumbered software released into the public domain.
 
-use super::{SignalConfig, SignalDb};
+use super::{SecretKey, SignalConfig, SignalDb, decrypt_key};
+use asimov_module::secrecy::ExposeSecret;
 use std::{io, path::PathBuf};
 
 #[derive(Debug)]
@@ -9,8 +10,21 @@ pub struct SignalDir {
 }
 
 impl SignalDir {
-    pub fn open(path: PathBuf) -> Self {
-        Self { path }
+    pub fn open(path: PathBuf) -> io::Result<Self> {
+        Ok(Self { path })
+    }
+
+    pub fn key(&self, password: Option<SecretKey>) -> io::Result<Option<SecretKey>> {
+        let config = self.config()?;
+        if let Some(key) = config.key() {
+            return Ok(Some(key));
+        };
+        let Some(encrypted_key) = config.encrypted_key() else {
+            return Ok(None);
+        };
+        let result = decrypt_key(password.unwrap(), encrypted_key.expose_secret())
+            .map_err(|_err| io::Error::new(io::ErrorKind::Other, "invalid password"))?;
+        Ok(Some(result))
     }
 
     pub fn config(&self) -> io::Result<SignalConfig> {