dimeola
/
rustotpony
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: dimeola:master
Branches Tags
dimeola:supermagic_square
dimeola:ci/github-actions
dimeola:master
dimeola:refactoring/split-modules
dimeola:feature/database-encription
dimeola:0.1.0
dimeola:0.2.0
dimeola:0.2.1
dimeola:0.2.2
dimeola:0.2.3
dimeola:0.2.4
dimeola:0.2.5
dimeola:ga-test-2
dimeola:ga-test-3
dimeola:ga-test-4
dimeola:ga-test-5
dimeola:ga-test-6
dimeola:ga-test-7
..
compare: dimeola:refactoring/split-modules
Branches Tags
dimeola:supermagic_square
dimeola:ci/github-actions
dimeola:master
dimeola:refactoring/split-modules
dimeola:feature/database-encription
dimeola:0.1.0
dimeola:0.2.0
dimeola:0.2.1
dimeola:0.2.2
dimeola:0.2.3
dimeola:0.2.4
dimeola:0.2.5
dimeola:ga-test-2
dimeola:ga-test-3
dimeola:ga-test-4
dimeola:ga-test-5
dimeola:ga-test-6
dimeola:ga-test-7

3 Commits
master ... refactorin

Author SHA1 Message Date
German Lashevich aab924d976
🎨 Move struct definition to a proper place 7 years ago
German Lashevich a92d82a6c8
🚚 Separate database implementations 7 years ago
German Lashevich f130fc2128
🚚 Moving and renaming generator entity 7 years ago
10 changed files with 565 additions and 1228 deletions
Show Stats

15
.github/workflows/rust.yml vendored
Unescape Escape View File

@ -1,15 +0,0 @@
name: Rust
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build
run: cargo build --verbose
- name: Run tests
run: cargo test --verbose

1036
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

11
Cargo.toml
Unescape Escape View File

@ -9,20 +9,19 @@ license = "MIT"
name = "rustotpony"
readme = "README.md"
repository = "https://github.com/zebradil/rustotpony"
version = "0.2.5"
version = "0.2.3"
[dependencies]
base32 = "0.4.0"
base32 = "0.3.1"
clap = "^2.29.0"
keyring = "0.7.1"
keyring = "0.6.0"
oath = "0.10.2"
rand = "0.7"
rpassword = "4.0"
rand = "0.4.1"
rpassword = "2.0.0"
rust-crypto = "0.2.36"
serde = "1.0.24"
serde_derive = "1.0.24"
serde_json = "1.0.8"
dirs = "2.0.2"
[dependencies.ctrlc]
features = ["termination"]

76
README.md
Unescape Escape View File

@ -4,35 +4,23 @@
[![Build status](https://ci.appveyor.com/api/projects/status/rx68dv1kjepslelh/branch/master?svg=true)](https://ci.appveyor.com/project/Zebradil/rustotpony/branch/master)
CLI manager of [time-based one-time password](https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm) generators.
It is a desktop alternative for Google Authenticator.
CLI manager of one-time password generators aka Google Authenticator.
Actually, it's simple in-file database which stores TOTP secret keys
without any encryption (will be added in the future).
## Installation
Make sure you have `$HOME/.cargo/bin` in your `$PATH`.
### From crates.io
```sh
$ cargo install rustotpony
```
### From source
1. Clone this repo
1. Run `cargo install` from the inside of the repo directory
1. Keep calm and wait for compilation
Probably, you will need `gcc` (Linux) or `clang` (Mac OS) to compile dependencies.
Probably, you need `gcc` (Linux) or `clang` (Mac OS) to compile dependencies.
## Usage
```text
$ totp help
🐴 RusTOTPony 0.2.3
German Lashevich <german.lashevich@gmail.com>
CLI manager of one-time password generators aka Google Authenticator
USAGE:
totp [SUBCOMMAND]
@ -52,55 +40,11 @@ SUBCOMMANDS:
Try `totp help [SUBCOMMAND]` to see help for the given subcommand
```
### Choose your password wisely
At the very first run `totp` asks for a password for a new database. It's located at `$HOME/.rustotpony/db.json` (don't be confused by `json` extension, actually, it's a binary file). If you forget the password or want to change it, you have to remove `$HOME/.rustotpony` directory. It's not convenient, but I'm going to improve usablity and an option for changing password.
### Basic scenario
1. Retrieve a secret key from your TOTP provider (it must be encoded with base32, for example: `GEZDGMZSGE2TKCQ=`)
```sh
$ # Creating a fake secret key for demo purposes
$ echo 123321555 | base32
GEZDGMZSGE2TKNIK
```
1. Add new generator with `totp add <NAME>` (you will be asked for a secret and a password)
```sh
$ # Adding a new TOTP generator
$ totp add demo
Enter your secret code:
Enter your database pass:
New application created: demo
```
If it's not the first run, you'll be asked for password twice: for opening database and for saving it.
1. Use `totp list` to check your secrets
```sh
$ # Listing all secrets in the database
$ totp list
Enter your database pass:
+------+------------------+----------+
| name | key | username |
+------+------------------+----------+
| demo | GEZDGMZSGE2TKNIK | |
+------+------------------+----------+
```
1. Use `totp dash` or just `totp` for realtime dashboard
```sh
$ # Display real-time dashboard with all generators
$ totp
Enter your database pass:
Welcome to RusTOTPony realtime dashboard! Press ^C to quit.
[============================================= ]
009216 demo
```
1. After hitting ^C it'll cleanup the dashboard
```sh
$ totp
Enter your database pass:
I won't tell anyone about this 🤫
```
Steps:
1. Retrieve your secret key from TOTP provider (it must be base32 encoded)
1. Add new generator with `totp add GENNAME` (you will be asked for your secret)
1. Check new generator by `totp list` or just display dashboard with one-time passwords with `totp dash`
## TODO
@ -114,4 +58,4 @@ At the very first run `totp` asks for a password for a new database. It's locate
Licensed under [the MIT License][MIT License].
[MIT License]: https://github.com/zebradil/rustotpony/blob/master/LICENSE
[MIT License]: https://github.com/zebradil/rustotpony/blob/master/LICENSE

23
src/bin/totp.rs
Unescape Escape View File

@ -1,11 +1,11 @@
extern crate clap;
extern crate ctrlc;
extern crate dirs;
extern crate rpassword;
extern crate rustotpony;
use clap::{App, Arg, SubCommand};
use rustotpony::*;
use rustotpony::databases::json::JsonDatabase;
use rustotpony::RusTOTPony;
use std::collections::HashMap;
use std::path::{Path, PathBuf};
use std::thread;
@ -26,7 +26,7 @@ impl Cli {
}
fn get_secret() -> String {
rpassword::prompt_password_stdout("Enter your database pass: ").unwrap()
return rpassword::prompt_password_stdout("Enter your database pass: ").unwrap();
}
// fn get_secret_from_storage() -> String { }
@ -120,7 +120,7 @@ impl Cli {
}
fn get_database_path() -> PathBuf {
let home = dirs::home_dir().unwrap_or_else(|| PathBuf::from("."));
let home = std::env::home_dir().unwrap_or(PathBuf::from("."));
home.join(Path::new(CONFIG_PATH))
}
@ -134,10 +134,9 @@ impl Cli {
print!("\x1B[{}A\x1B[0G\x1B[0J", lines_count + 1);
println!("I won't tell anyone about this 🤫");
std::process::exit(0);
})
.expect("Error setting Ctrl-C handler");
}).expect("Error setting Ctrl-C handler");
// Prepare sorted keys for displaying apps in order
let mut keys: Vec<String> = apps.keys().cloned().collect();
let mut keys: Vec<String> = apps.keys().map(|key| key.clone()).collect();
keys.sort();
loop {
if is_first_iteration {
@ -148,7 +147,7 @@ impl Cli {
Self::print_progress_bar();
for key in keys.iter() {
let app = &apps[key];
println! {"{:06} {}", app.get_code(), app.get_name()};
println!{"{:06} {}", app.get_code(), app.get_name()};
}
thread::sleep(Duration::from_millis(100));
}
@ -180,19 +179,19 @@ impl Cli {
return;
}
};
for application in apps.values() {
for (_, application) in apps {
applications_count += 1;
output_table
.entry("name")
.or_insert_with(Vec::new)
.or_insert(Vec::new())
.push(application.get_name());
output_table
.entry("key")
.or_insert_with(Vec::new)
.or_insert(Vec::new())
.push(application.get_secret());
output_table
.entry("username")
.or_insert_with(Vec::new)
.or_insert(Vec::new())
.push(application.get_username());
}
let name_max_length = output_table["name"]

0
src/databases/encrypted.rs
Unescape Escape View File

237
src/databases/json.rs
Unescape Escape View File

@ -0,0 +1,237 @@
use crypto::buffer::{BufferResult, ReadBuffer, WriteBuffer};
use crypto::digest::Digest;
use crypto::sha2::Sha256;
use crypto::{aes, blockmodes, buffer, symmetriccipher};
use databases::Database;
use generators::TOTP;
use std::collections::HashMap;
use std::fs::{create_dir_all, File, OpenOptions};
use std::io::ErrorKind;
use std::io::Write;
use std::path::{Path, PathBuf};
use rand::{OsRng, Rng};
const DATABASE_VERSION: u8 = 1;
pub struct JsonDatabase {
file_path: PathBuf,
secret_fn: &'static Fn() -> String,
}
// Database implementation for JSON database
impl Database for JsonDatabase {
fn get_applications(&self) -> HashMap<String, TOTP> {
let db_content = self.read_database_file();
db_content.content.applications
}
fn save_applications(&self, applications: &HashMap<String, TOTP>) {
let mut db_content = Self::get_empty_schema();
db_content.content.applications = applications.clone();
self.save_database_file(db_content);
}
}
#[derive(Serialize, Deserialize)]
struct JsonDatabaseSchema {
version: u8,
content: DatabaseContentSchema,
}
#[derive(Serialize, Deserialize)]
struct DatabaseContentSchema {
applications: HashMap<String, TOTP>,
}
const IV_SIZE: usize = 16;
const KEY_SIZE: usize = 32;
impl JsonDatabase {
pub fn new(path: PathBuf, secret_fn: &'static Fn() -> String) -> JsonDatabase {
JsonDatabase {
file_path: path,
secret_fn: secret_fn,
}
}
fn form_secret_key(input: &str) -> [u8; KEY_SIZE] {
let mut sha = Sha256::new();
sha.input_str(input);
let mut res: [u8; KEY_SIZE] = [0; KEY_SIZE];
sha.result(&mut res);
return res;
}
fn read_database_file(&self) -> JsonDatabaseSchema {
let data = match std::fs::read(&self.file_path) {
Ok(d) => d,
Err(ref err) if err.kind() == ErrorKind::NotFound => return Self::get_empty_schema(),
Err(err) => panic!("There was a problem opening file: {:?}", err),
};
let decrypted_data =
Self::decrypt_data(&data, &Self::form_secret_key((self.secret_fn)().as_str()));
serde_json::from_str(decrypted_data.as_str())
.expect("Couldn't parse JSON from database file")
}
fn decrypt_data(data: &[u8], key: &[u8]) -> String {
let iv = &data[..IV_SIZE];
String::from_utf8(Self::decrypt(&data[IV_SIZE..], key, iv).expect("Couldn't decrypt data"))
.ok()
.unwrap()
}
fn encrypt_data(data: &str, key: &[u8]) -> Vec<u8> {
let iv = Self::create_iv();
let encrypted_data =
Self::encrypt(data.as_bytes(), key, &iv).expect("Couldn't encrypt data");
[&iv, &encrypted_data[..]].concat()
}
fn create_iv() -> Vec<u8> {
let mut iv = vec![0; IV_SIZE];
let mut rng = OsRng::new().ok().unwrap();
rng.fill_bytes(&mut iv);
iv
}
fn save_database_file(&self, content: JsonDatabaseSchema) {
let mut file = match self.open_database_file_for_write() {
Ok(f) => f,
Err(ref err) if err.kind() == ErrorKind::NotFound => self
.create_database_file()
.expect("Couldn't create database file"),
Err(err) => panic!("Couldn't open database file: {:?}", err),
};
let data = serde_json::to_string(&content).expect("Couldn't serialize data to JSON");
let encrypted_data =
Self::encrypt_data(&data, &Self::form_secret_key((self.secret_fn)().as_str()));
file.write_all(&encrypted_data)
.expect("Couldn't write data to database file");
}
// Encrypt a buffer with the given key and iv using
// AES-256/CBC/Pkcs encryption.
fn encrypt(
data: &[u8],
key: &[u8],
iv: &[u8],
) -> Result<Vec<u8>, symmetriccipher::SymmetricCipherError> {
// Create an encryptor instance of the best performing
// type available for the platform.
let mut encryptor =
aes::cbc_encryptor(aes::KeySize::KeySize256, key, iv, blockmodes::PkcsPadding);
// Each encryption operation encrypts some data from
// an input buffer into an output buffer. Those buffers
// must be instances of RefReaderBuffer and RefWriteBuffer
// (respectively) which keep track of how much data has been
// read from or written to them.
let mut final_result = Vec::<u8>::new();
let mut read_buffer = buffer::RefReadBuffer::new(data);
let mut buffer = [0; 4096];
let mut write_buffer = buffer::RefWriteBuffer::new(&mut buffer);
// Each encryption operation will "make progress". "Making progress"
// is a bit loosely defined, but basically, at the end of each operation
// either BufferUnderflow or BufferOverflow will be returned (unless
// there was an error). If the return value is BufferUnderflow, it means
// that the operation ended while wanting more input data. If the return
// value is BufferOverflow, it means that the operation ended because it
// needed more space to output data. As long as the next call to the encryption
// operation provides the space that was requested (either more input data
// or more output space), the operation is guaranteed to get closer to
// completing the full operation - ie: "make progress".
//
// Here, we pass the data to encrypt to the enryptor along with a fixed-size
// output buffer. The 'true' flag indicates that the end of the data that
// is to be encrypted is included in the input buffer (which is true, since
// the input data includes all the data to encrypt). After each call, we copy
// any output data to our result Vec. If we get a BufferOverflow, we keep
// going in the loop since it means that there is more work to do. We can
// complete as soon as we get a BufferUnderflow since the encryptor is telling
// us that it stopped processing data due to not having any more data in the
// input buffer.
loop {
let result = try!(encryptor.encrypt(&mut read_buffer, &mut write_buffer, true));
// "write_buffer.take_read_buffer().take_remaining()" means:
// from the writable buffer, create a new readable buffer which
// contains all data that has been written, and then access all
// of that data as a slice.
final_result.extend(
write_buffer
.take_read_buffer()
.take_remaining()
.iter()
.map(|&i| i),
);
match result {
BufferResult::BufferUnderflow => break,
BufferResult::BufferOverflow => {}
}
}
Ok(final_result)
}
// Decrypts a buffer with the given key and iv using
// AES-256/CBC/Pkcs encryption.
fn decrypt(
encrypted_data: &[u8],
key: &[u8],
iv: &[u8],
) -> Result<Vec<u8>, symmetriccipher::SymmetricCipherError> {
let mut decryptor =
aes::cbc_decryptor(aes::KeySize::KeySize256, key, iv, blockmodes::PkcsPadding);
let mut final_result = Vec::<u8>::new();
let mut read_buffer = buffer::RefReadBuffer::new(encrypted_data);
let mut buffer = [0; 4096];
let mut write_buffer = buffer::RefWriteBuffer::new(&mut buffer);
loop {
let result = try!(decryptor.decrypt(&mut read_buffer, &mut write_buffer, true));
final_result.extend(
write_buffer
.take_read_buffer()
.take_remaining()
.iter()
.map(|&i| i),
);
match result {
BufferResult::BufferUnderflow => break,
BufferResult::BufferOverflow => {}
}
}
Ok(final_result)
}
fn create_database_file(&self) -> Result<File, std::io::Error> {
let dir = std::env::home_dir().unwrap_or(PathBuf::from("."));
if let Some(parent_dir) = Path::new(&self.file_path).parent() {
let dir = dir.join(parent_dir);
create_dir_all(dir)?;
}
self.open_database_file_for_write()
}
fn open_database_file_for_write(&self) -> Result<File, std::io::Error> {
OpenOptions::new()
.write(true)
.truncate(true)
.create(true)
.open(&self.file_path)
}
fn get_empty_schema() -> JsonDatabaseSchema {
JsonDatabaseSchema {
version: DATABASE_VERSION,
content: DatabaseContentSchema {
applications: HashMap::new(),
},
}
}
}

12
src/databases/mod.rs
Unescape Escape View File

@ -0,0 +1,12 @@
pub mod encrypted;
pub mod json;
use generators::TOTP;
use std::collections::HashMap;
// Database trait
pub trait Database {
fn get_applications(&self) -> HashMap<String, TOTP>;
fn save_applications(&self, applications: &HashMap<String, TOTP>);
}

62
src/generators.rs
Unescape Escape View File

@ -0,0 +1,62 @@
extern crate base32;
extern crate oath;
// Generator application struct
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct TOTP {
name: String,
secret: String,
username: String,
secret_bytes: Vec<u8>,
}
impl TOTP {
pub fn new(name: &str, username: &str, secret: &str, secret_bytes: Vec<u8>) -> Self {
TOTP {
name: String::from(name),
secret: String::from(secret),
username: String::from(username),
secret_bytes: secret_bytes,
}
}
pub fn new_base32(
name: &str,
username: &str,
base32_secret: &str,
) -> Result<TOTP, String> {
if let Some(secret_bytes) = TOTP::base32_to_bytes(base32_secret) {
Ok(TOTP::new(name, username, base32_secret, secret_bytes))
} else {
Err(String::from("Couldn't decode secret key"))
}
}
pub fn get_name(&self) -> &str {
self.name.as_str()
}
pub fn set_name(&mut self, name: &str) {
self.name = String::from(name);
}
pub fn get_secret(&self) -> &str {
self.secret.as_str()
}
pub fn get_username(&self) -> &str {
self.username.as_str()
}
pub fn get_code(&self) -> u64 {
Self::totp(&self.secret_bytes)
}
fn base32_to_bytes(secret: &str) -> Option<Vec<u8>> {
base32::decode(base32::Alphabet::RFC4648 { padding: false }, secret)
}
fn totp(secret_bytes: &[u8]) -> u64 {
oath::totp_raw_now(&secret_bytes, 6, 0, 30, &oath::HashType::SHA1)
}
}

321
src/lib.rs
Unescape Escape View File

@ -1,31 +1,27 @@
extern crate base32;
#![feature(fs_read_write)]
#![feature(extern_prelude)]
extern crate crypto;
extern crate dirs;
extern crate oath;
extern crate rand;
extern crate serde_json;
#[macro_use]
extern crate serde_derive;
use crypto::buffer::{BufferResult, ReadBuffer, WriteBuffer};
use crypto::digest::Digest;
use crypto::sha2::Sha256;
use crypto::{aes, blockmodes, buffer, symmetriccipher};
pub mod databases;
mod generators;
use rand::prelude::*;
use databases::Database;
use generators::TOTP;
use std::collections::HashMap;
use std::fs::{create_dir_all, File, OpenOptions};
use std::io::ErrorKind;
use std::io::Write;
use std::path::{Path, PathBuf};
const DATABASE_VERSION: u8 = 1;
// Application struct
// Contains database reference and in-memory generators (called «applications»)
pub struct RusTOTPony<DB: Database> {
database: DB,
applications: HashMap<String, GenApp>,
applications: HashMap<String, TOTP>,
}
impl<DB: Database> RusTOTPony<DB> {
@ -42,21 +38,17 @@ impl<DB: Database> RusTOTPony<DB> {
username: &str,
secret: &str,
) -> Result<(), String> {
if let Some(secret_bytes) = GenApp::base32_to_bytes(secret) {
let new_app = GenApp::new(name, username, secret, secret_bytes);
if self.applications.contains_key(name) {
Err(format!("Application with name '{}' already exists!", name))
} else {
self.applications.insert(String::from(name), new_app);
Ok(())
}
let new_app = TOTP::new_base32(name, username, secret)?;
if self.applications.contains_key(name) {
Err(format!("Application with name '{}' already exists!", name))
} else {
Err(String::from("Couldn't decode secret key"))
&self.applications.insert(String::from(name), new_app);
Ok(())
}
}
pub fn delete_application(&mut self, name: &str) -> Result<(), String> {
if self.applications.remove(name).is_some() {
if let Some(_) = self.applications.remove(name) {
Ok(())
} else {
Err(format!(
@ -68,22 +60,22 @@ impl<DB: Database> RusTOTPony<DB> {
pub fn rename_application(&mut self, name: &str, newname: &str) -> Result<(), String> {
if let Some(app) = self.applications.get_mut(name) {
app.name = String::from(newname);
app.set_name(newname);
Ok(())
} else {
Err(format!("Application '{}' wasn't found", name))
}
}
pub fn get_applications(&self) -> Result<&HashMap<String, GenApp>, String> {
if self.applications.is_empty() {
pub fn get_applications(&self) -> Result<&HashMap<String, TOTP>, String> {
if self.applications.len() == 0 {
Err(String::from("There are no applications"))
} else {
Ok(&self.applications)
}
}
pub fn get_application(&self, name: &str) -> Result<&GenApp, String> {
pub fn get_application(&self, name: &str) -> Result<&TOTP, String> {
if let Some(app) = self.applications.get(name) {
Ok(app)
} else {
@ -96,275 +88,10 @@ impl<DB: Database> RusTOTPony<DB> {
}
pub fn flush(&self) {
self.database.save_applications(&self.applications);
}
}
pub trait Database {
fn get_applications(&self) -> HashMap<String, GenApp>;
fn save_applications(&self, applications: &HashMap<String, GenApp>);
}
impl Database for JsonDatabase {
fn get_applications(&self) -> HashMap<String, GenApp> {
let db_content = self.read_database_file();
db_content.content.applications
}
fn save_applications(&self, applications: &HashMap<String, GenApp>) {
let mut db_content = Self::get_empty_schema();
db_content.content.applications = applications.clone();
self.save_database_file(db_content);
}
}
#[derive(Serialize, Deserialize)]
struct JsonDatabaseSchema {
version: u8,
content: DatabaseContentSchema,
}
#[derive(Serialize, Deserialize)]
struct DatabaseContentSchema {
applications: HashMap<String, GenApp>,
}
pub struct JsonDatabase {
file_path: PathBuf,
secret_fn: &'static dyn Fn() -> String,
}
const IV_SIZE: usize = 16;
const KEY_SIZE: usize = 32;
impl JsonDatabase {
pub fn new(path: PathBuf, secret_fn: &'static dyn Fn() -> String) -> JsonDatabase {
JsonDatabase {
file_path: path,
secret_fn,
}
}
fn form_secret_key(input: &str) -> [u8; KEY_SIZE] {
let mut sha = Sha256::new();
sha.input_str(input);
let mut res: [u8; KEY_SIZE] = [0; KEY_SIZE];
sha.result(&mut res);
res
}
fn read_database_file(&self) -> JsonDatabaseSchema {
let data = match std::fs::read(&self.file_path) {
Ok(d) => d,
Err(ref err) if err.kind() == ErrorKind::NotFound => return Self::get_empty_schema(),
Err(err) => panic!("There was a problem opening file: {:?}", err),
};
let decrypted_data =
Self::decrypt_data(&data, &Self::form_secret_key((self.secret_fn)().as_str()));
serde_json::from_str(decrypted_data.as_str())
.expect("Couldn't parse JSON from database file")
}
fn decrypt_data(data: &[u8], key: &[u8]) -> String {
let iv = &data[..IV_SIZE];
String::from_utf8(Self::decrypt(&data[IV_SIZE..], key, iv).expect("Couldn't decrypt data"))
.ok()
.unwrap()
}
fn encrypt_data(data: &str, key: &[u8]) -> Vec<u8> {
let iv = Self::create_iv();
let encrypted_data =
Self::encrypt(data.as_bytes(), key, &iv).expect("Couldn't encrypt data");
[&iv, &encrypted_data[..]].concat()
}
fn create_iv() -> Vec<u8> {
let mut iv = vec![0; IV_SIZE];
let mut rng = rand::thread_rng();
rng.fill_bytes(&mut iv);
iv
}
fn save_database_file(&self, content: JsonDatabaseSchema) {
let mut file = match self.open_database_file_for_write() {
Ok(f) => f,
Err(ref err) if err.kind() == ErrorKind::NotFound => self
.create_database_file()
.expect("Couldn't create database file"),
Err(err) => panic!("Couldn't open database file: {:?}", err),
};
let data = serde_json::to_string(&content).expect("Couldn't serialize data to JSON");
let encrypted_data =
Self::encrypt_data(&data, &Self::form_secret_key((self.secret_fn)().as_str()));
file.write_all(&encrypted_data)
.expect("Couldn't write data to database file");
}
// Encrypt a buffer with the given key and iv using
// AES-256/CBC/Pkcs encryption.
fn encrypt(
data: &[u8],
key: &[u8],
iv: &[u8],
) -> Result<Vec<u8>, symmetriccipher::SymmetricCipherError> {
// Create an encryptor instance of the best performing
// type available for the platform.
let mut encryptor =
aes::cbc_encryptor(aes::KeySize::KeySize256, key, iv, blockmodes::PkcsPadding);
// Each encryption operation encrypts some data from
// an input buffer into an output buffer. Those buffers
// must be instances of RefReaderBuffer and RefWriteBuffer
// (respectively) which keep track of how much data has been
// read from or written to them.
let mut final_result = Vec::<u8>::new();
let mut read_buffer = buffer::RefReadBuffer::new(data);
let mut buffer = [0; 4096];
let mut write_buffer = buffer::RefWriteBuffer::new(&mut buffer);
// Each encryption operation will "make progress". "Making progress"
// is a bit loosely defined, but basically, at the end of each operation
// either BufferUnderflow or BufferOverflow will be returned (unless
// there was an error). If the return value is BufferUnderflow, it means
// that the operation ended while wanting more input data. If the return
// value is BufferOverflow, it means that the operation ended because it
// needed more space to output data. As long as the next call to the encryption
// operation provides the space that was requested (either more input data
// or more output space), the operation is guaranteed to get closer to
// completing the full operation - ie: "make progress".
//
// Here, we pass the data to encrypt to the enryptor along with a fixed-size
// output buffer. The 'true' flag indicates that the end of the data that
// is to be encrypted is included in the input buffer (which is true, since
// the input data includes all the data to encrypt). After each call, we copy
// any output data to our result Vec. If we get a BufferOverflow, we keep
// going in the loop since it means that there is more work to do. We can
// complete as soon as we get a BufferUnderflow since the encryptor is telling
// us that it stopped processing data due to not having any more data in the
// input buffer.
loop {
let result = encryptor.encrypt(&mut read_buffer, &mut write_buffer, true)?;
// "write_buffer.take_read_buffer().take_remaining()" means:
// from the writable buffer, create a new readable buffer which
// contains all data that has been written, and then access all
// of that data as a slice.
final_result.extend(
write_buffer
.take_read_buffer()
.take_remaining()
.iter()
.copied(),
);
match result {
BufferResult::BufferUnderflow => break,
BufferResult::BufferOverflow => {}
}
}
Ok(final_result)
}
// Decrypts a buffer with the given key and iv using
// AES-256/CBC/Pkcs encryption.
fn decrypt(
encrypted_data: &[u8],
key: &[u8],
iv: &[u8],
) -> Result<Vec<u8>, symmetriccipher::SymmetricCipherError> {
let mut decryptor =
aes::cbc_decryptor(aes::KeySize::KeySize256, key, iv, blockmodes::PkcsPadding);
let mut final_result = Vec::<u8>::new();
let mut read_buffer = buffer::RefReadBuffer::new(encrypted_data);
let mut buffer = [0; 4096];
let mut write_buffer = buffer::RefWriteBuffer::new(&mut buffer);
loop {
let result = decryptor.decrypt(&mut read_buffer, &mut write_buffer, true)?;
final_result.extend(
write_buffer
.take_read_buffer()
.take_remaining()
.iter()
.copied(),
);
match result {
BufferResult::BufferUnderflow => break,
BufferResult::BufferOverflow => {}
}
}
Ok(final_result)
}
fn create_database_file(&self) -> Result<File, std::io::Error> {
let dir = dirs::home_dir().unwrap_or_else(|| PathBuf::from("."));
if let Some(parent_dir) = Path::new(&self.file_path).parent() {
let dir = dir.join(parent_dir);
create_dir_all(dir)?;
}
self.open_database_file_for_write()
}
fn open_database_file_for_write(&self) -> Result<File, std::io::Error> {
OpenOptions::new()
.write(true)
.truncate(true)
.create(true)
.open(&self.file_path)
}
fn get_empty_schema() -> JsonDatabaseSchema {
JsonDatabaseSchema {
version: DATABASE_VERSION,
content: DatabaseContentSchema {
applications: HashMap::new(),
},
}
&self.database.save_applications(&self.applications);
}
}
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct GenApp {
name: String,
secret: String,
username: String,
secret_bytes: Vec<u8>,
}
impl GenApp {
fn new(name: &str, username: &str, secret: &str, secret_bytes: Vec<u8>) -> Self {
GenApp {
name: String::from(name),
secret: String::from(secret),
username: String::from(username),
secret_bytes,
}
}
pub fn get_name(&self) -> &str {
self.name.as_str()
}
pub fn get_secret(&self) -> &str {
self.secret.as_str()
}
pub fn get_username(&self) -> &str {
self.username.as_str()
}
pub fn get_code(&self) -> u64 {
Self::totp(&self.secret_bytes)
}
fn base32_to_bytes(secret: &str) -> Option<Vec<u8>> {
base32::decode(base32::Alphabet::RFC4648 { padding: false }, secret)
}
fn totp(secret_bytes: &[u8]) -> u64 {
oath::totp_raw_now(&secret_bytes, 6, 0, 30, &oath::HashType::SHA1)
}
}
// Application → Database (JsonDatabase, EncryptedDatabase)
// ↓ ↓
// GeneratorApplication

Write Preview
Loading…
Cancel
Save