adamantite 0.0.3 → 0.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fb2fee60dd29d1cf4e5d3ca9fe052322b5e824769c4fb673068c75ec75bdd700
-  data.tar.gz: 77b65b3e70c79ea50d945566f9f7b4af841d49449fab4ba69ecde594a0093a0a
+  metadata.gz: 47190df18bbcffa68fd20d16d9ffb048f6f7b0b521104727f3e849a40aa29b48
+  data.tar.gz: 6acad9247d871f293b81f33976ce37b6465e043afacf5849fa31edf8640475ce
 SHA512:
-  metadata.gz: 8d512ad63718365e1076946093bbf180a2e48d98a74f1ca94ebcf7f3db0f8812a8d2a021b43c653762fecd29741e602ea5c6c92e5021658f550bb1d7bf0c6ede
-  data.tar.gz: 2e68d7b07925cc5910fa6129371696191f0ca721c7676db9d61aad9daac4694682f3cebda5b7d3c237df3178b08064a6645e87225dbf6352d815e3c694f988d0
+  metadata.gz: 36b1e5ac28a539c7a2e5461bcfa4b0d0c512ae572ff8e8b2b4faf56b52a9212e0d2566e89c963b7347782d03a43cfdde3179289a2f0b73a3dd582e7855a5be51
+  data.tar.gz: 7a46bbccbf113303a4ed2f6db562ecd4c59f4fbdf8abcaff582e9c7e0425869b02f4b1a3a778f356ce22f22196ffabff31cdb40234029e95f783584c538cbb74

data/bin/adamantite

@@ -1,4 +1,6 @@
 #!/usr/bin/env ruby
-require "adamantite"
+# frozen_string_literal: true
 
-AdamantiteApp.launch
+require 'adamantite'
+
+Adamantite::AdamantiteApp.launch

data/lib/adamantite.rb

@@ -1,133 +1,138 @@
-require "glimmer-dsl-libui"
-require "bcrypt"
-require "openssl"
-require "base64"
-require "json"
-require "io/console"
+# frozen_string_literal: true
 
-require "file_utils/file_utils"
-require "pw_utils/pw_utils"
-require "base/adamantite"
-require "base/password_object"
-require "gui/screen/login_screen"
-require "gui/screen/copy_screen"
-require "gui/screen/show_screen"
-require "gui/screen/set_master_password_screen"
-require "gui/screen/update_master_password_screen"
-require "gui/request/login_request"
-require "gui/request/add_password_request"
-require "gui/request/update_master_password_request"
-require "gui/request/set_master_password_request"
-require "gui/form/password_object_form_window"
+require 'glimmer-dsl-libui'
+require 'bcrypt'
+require 'openssl'
+require 'base64'
+require 'json'
+require 'io/console'
 
-include Adamantite::FileUtils
-include Adamantite::PWUtils
+require 'fileutils'
+require 'file_utils/adamantite_file_utils'
+require 'base/adamantite'
+require 'base/password_object'
+require 'gui/screen/login_screen'
+require 'gui/screen/copy_screen'
+require 'gui/screen/show_screen'
+require 'gui/screen/set_master_password_screen'
+require 'gui/screen/update_master_password_screen'
+require 'gui/request/login_request'
+require 'gui/request/add_password_request'
+require 'gui/request/update_master_password_request'
+require 'gui/request/set_master_password_request'
+require 'gui/form/password_object_form_window'
 
-class AdamantiteApp
-  include Glimmer::LibUI::Application
+module Adamantite
+  class AdamantiteApp
+    include Glimmer::LibUI::Application
+    include Adamantite::AdamantiteFileUtils
 
-  attr_accessor :add_password_request, :stored_passwords
+    attr_accessor :add_password_request, :stored_passwords
 
-  before_body do
-    if !pw_file_exists?('master')
-      set_master_password_request = Adamantite::GUI::Request::SetMasterPasswordRequest.new
-      set_master_password_screen(set_master_password_request: set_master_password_request).show
-    end
+    before_body do
+      unless master_password_exists?
+        set_master_password_request = GUI::Request::SetMasterPasswordRequest.new
+        set_master_password_screen(set_master_password_request: set_master_password_request).show
+      end
 
-    login_request = Adamantite::GUI::Request::LoginRequest.new
-    login_screen(login_request: login_request).show
+      login_request = GUI::Request::LoginRequest.new
+      login_screen(login_request: login_request).show
 
-    if !login_request.authenticated
-      exit(0)
-    end
+      unless login_request.authenticated
+        exit(0)
+      end
 
-    @stored_passwords = get_stored_pws.map do |title|
-      pw_info = get_pw_file(title)
-      [title, pw_info["username"], 'Edit', 'Copy', 'Show', 'Delete']
+      @adamantite = login_request.adamantite
+      @stored_passwords = @adamantite.stored_passwords.map do |stored_password|
+        [stored_password[:website_title], stored_password[:username], 'Edit', 'Copy', 'Show', 'Delete']
+      end
+      @master_password = @adamantite.master_password
+      @master_password_salt = @adamantite.master_password_salt
+      @add_password_request = GUI::Request::AddPasswordRequest.new(@master_password, @master_password_salt)
     end
-    @master_password = login_request.master_password
-    @master_password_salt = login_request.master_password_salt
-    @adamantite_object = Adamantite::Base::Adamantite.new(@master_password)
-    @adamantite_object.authenticate!
-    @add_password_request = Adamantite::GUI::Request::AddPasswordRequest.new(@master_password, @master_password_salt)
-  end
 
-  body {
-    window('Adamantite', 800, 400) {
-      margined true
+    body do
+      window('Adamantite', 800, 400) do
+        margined true
 
-      vertical_box {
-        table {
-          text_column('Title')
-          text_column('Username')
-          button_column('Edit') {
-            on_clicked do |row|
-              on_save = lambda { |password_object|
-                stored_password = []
-                stored_password << password_object.website_title
-                stored_password << password_object.username
-                stored_password << 'Edit'
-                stored_password << 'Copy'
-                stored_password << 'Show'
-                stored_password << 'Delete'
-                @stored_passwords[password_object.row_index] = stored_password
-              }
-              password_title = @stored_passwords[row].first
-              username = @stored_passwords[row][1]
-              pw_info = get_pw_file(password_title)
-              stored_pw_selection = decrypt_pw(pw_info["iv"], pw_info["password"], @master_password, @master_password_salt)
-              password_object = Adamantite::Base::PasswordObject.new(password_title, username, stored_pw_selection, stored_pw_selection, row)
-              password_object_form_window(master_pw: @master_password, master_pw_salt: @master_password_salt, on_save: on_save, password_object: password_object).show
+        vertical_box do
+          table do
+            text_column('Title')
+            text_column('Username')
+            button_column('Edit') do
+              on_clicked do |row|
+                on_save = lambda do |password_object|
+                  stored_password = []
+                  stored_password << password_object.website_title
+                  stored_password << password_object.username
+                  stored_password << 'Edit'
+                  stored_password << 'Copy'
+                  stored_password << 'Show'
+                  stored_password << 'Delete'
+                  @stored_passwords[password_object.row_index] = stored_password
+                  adamantite_stored_password = {
+                    'dir_name': password_object.dir_name,
+                    'website_title': password_object.website_title,
+                    'username': @adamantite.retrieve_password_info(password_object.dir_name, 'username')
+                  }
+                  @adamantite.stored_passwords[password_object.row_index] = adamantite_stored_password
+                end
+                website_title = @stored_passwords[row][0]
+                username = @stored_passwords[row][1]
+                dir_name = @adamantite.stored_passwords[row][:dir_name]
+                password = @adamantite.retrieve_password_info(dir_name, 'password')
+                password_object = Base::PasswordObject.new(website_title, username, password, password, row, dir_name)
+                password_object_form_window(adamantite: @adamantite, on_save: on_save, password_object: password_object).show
+              end
             end
-          }
-          button_column('Copy') {
-            on_clicked do |row|
-              password_title = @stored_passwords[row].first
-              pw_info = get_pw_file(password_title)
-              stored_pw_selection = decrypt_pw(pw_info["iv"], pw_info["password"], @master_password, @master_password_salt)
-              IO.popen('pbcopy', 'w') { |f| f << stored_pw_selection }
-              copy_screen(password_title: password_title).show
+            button_column('Copy') do
+              on_clicked do |row|
+                IO.popen('pbcopy', 'w') do |f|
+                  dir_name = @adamantite.stored_passwords[row][:dir_name]
+                  f << @adamantite.retrieve_password_info(dir_name, 'password')
+                end
+                copy_screen(password_title: @stored_passwords[row].first).show
+              end
             end
-          }
-          button_column('Show') {
-            on_clicked do |row|
-              pw_info = get_pw_file(@stored_passwords[row].first)
-              stored_pw_selection = decrypt_pw(pw_info["iv"], pw_info["password"], @master_password, @master_password_salt)
-              show_screen(password: stored_pw_selection).show
+            button_column('Show') do
+              on_clicked do |row|
+                dir_name = @adamantite.stored_passwords[row][:dir_name]
+                show_screen(password: @adamantite.retrieve_password_info(dir_name, 'password')).show
+              end
             end
-          }
-          button_column('Delete') {
-            on_clicked do |row|
-              delete_pw_file(@stored_passwords[row].first)
-              @stored_passwords.delete_at(row)
+            button_column('Delete') do
+              on_clicked do |row|
+                @adamantite.delete_password(@adamantite.stored_passwords[row][:dir_name])
+                @stored_passwords.delete_at(row)
+              end
             end
-          }
-          cell_rows <=> [self, :stored_passwords]
-        }
-        horizontal_box {
-          button('Add Password') {
-            on_clicked do
-              on_save = lambda { |password_object|
-                stored_password = []
-                stored_password << password_object.website_title
-                stored_password << password_object.username
-                stored_password << 'Edit'
-                stored_password << 'Copy'
-                stored_password << 'Show'
-                stored_password << 'Delete'
-                @stored_passwords << stored_password
-              }
-              password_object_form_window(master_pw: @master_password, master_pw_salt: @master_password_salt, on_save: on_save).show
+            cell_rows <=> [self, :stored_passwords]
+          end
+          horizontal_box do
+            button('Add Password') do
+              on_clicked do
+                on_save = lambda do |password_object|
+                  stored_password = []
+                  stored_password << password_object.website_title
+                  stored_password << password_object.username
+                  stored_password << 'Edit'
+                  stored_password << 'Copy'
+                  stored_password << 'Show'
+                  stored_password << 'Delete'
+                  @stored_passwords << stored_password
+                end
+                password_object_form_window(adamantite: @adamantite, on_save: on_save).show
+              end
             end
-          }
-          button('Update Master Password') {
-            on_clicked do
-              update_master_password_request = Adamantite::GUI::Request::UpdateMasterPasswordRequest.new(@adamantite_object)
-              update_master_password_screen(update_master_password_request: update_master_password_request).show
+            button('Update Master Password') do
+              on_clicked do
+                update_master_password_request = GUI::Request::UpdateMasterPasswordRequest.new(@adamantite)
+                update_master_password_screen(update_master_password_request: update_master_password_request).show
+              end
             end
-          }
-        }
-      }
-    }
-  }
+          end
+        end
+      end
+    end
+  end
 end

data/lib/base/adamantite.rb

@@ -1,59 +1,158 @@
-require "file_utils/file_utils"
-require "pw_utils/pw_utils"
+# frozen_string_literal: true
 
-include Adamantite::FileUtils
-include Adamantite::PWUtils
+require 'file_utils/adamantite_file_utils'
+require 'rbnacl'
+require 'base64'
 
 module Adamantite
   module Base
     class Adamantite
+      include AdamantiteFileUtils
 
-      attr_accessor :authenticated
+      attr_reader :authenticated, :master_password, :master_password_salt, :stored_passwords
 
-      def initialize(master_pw)
-        @master_pw = master_pw
+      OPSLIMIT = 2**20
+      MEMLIMIT = 2**24
+      DIGEST_SIZE = 32
+
+      def initialize(master_password)
+        @master_password = master_password
         @authenticated = false
-        @master_pw_exists = pw_file_exists?('master')
       end
 
       def authenticate!
-        return false unless @master_pw_exists
-        master_pw_info = get_master_pw_info
-        master_pw_hash = master_pw_info['password']
-        master_pw_salt = master_pw_info['salt']
-        master_pw_comparator = generate_master_pw_comparator(master_pw_hash)
-
-        if master_pw_comparator == @master_pw + master_pw_salt
-          @authenticated = true
-          @master_pw_hash = master_pw_hash
-          @master_pw_salt = master_pw_salt
-          @stored_passwords = get_stored_pws
+        if master_password_exists?
+          master_password_salt = get_master_password_salt
+          master_encrypted_vault_key = get_master_encrypted_vault_key
+          entered_master_password_hash = rbnacl_scrypt_hash(@master_password, master_password_salt)
+          vault = rbnacl_box(entered_master_password_hash)
+
+          begin
+            @master_vault_key = vault.decrypt(master_encrypted_vault_key)
+            @authenticated = true
+            @master_password_salt = master_password_salt
+            @vault = rbnacl_box(@master_vault_key)
+            update_stored_passwords!
+            true
+          rescue RbNaCl::CryptoError
+            false
+          end
+        else
+          false
+        end
+      end
+
+      def save_password(website_title, username, password, password_confirmation)
+        return unless password == password_confirmation && authenticated?
+
+        encrypted_file_name_ascii_8bit = @vault.encrypt(website_title)
+        dir_name = Base64.urlsafe_encode64(encrypted_file_name_ascii_8bit)
+        make_password_dir(dir_name)
+        write_to_file(password_file(dir_name, 'username'), @vault.encrypt(username), true)
+        write_to_file(password_file(dir_name, 'password'), @vault.encrypt(password), true)
+        update_stored_passwords!
+        dir_name
+      end
+
+      def delete_password(password_dir_name)
+        FileUtils.remove_entry_secure(password_file(password_dir_name))
+        update_stored_passwords!
+      end
+
+      def retrieve_password_info(website_title, info_name)
+        return unless authenticated?
+
+        @vault.decrypt(read_file(password_file(website_title, info_name), true))
+      end
+
+      def serialize_master_password(master_password, master_password_confirmation)
+        if master_password == master_password_confirmation
+          master_password_salt = rbnacl_random_bytes
+          master_password_hash = rbnacl_scrypt_hash(master_password, master_password_salt)
+          vault_key = rbnacl_random_bytes
+          vault = rbnacl_box(master_password_hash)
+          encrypted_vault_key = vault.encrypt(vault_key)
+          make_pwmanager_dir
+          write_master_info(master_password_salt, encrypted_vault_key)
           true
         else
           false
         end
       end
 
-      def update_master_password!(new_master_pw, new_master_pw_confirmation)
-        return false unless new_master_pw == new_master_pw_confirmation && @authenticated
+      def update_master_password!(new_master_password, new_master_password_confirmation)
+        if new_master_password == new_master_password_confirmation && authenticated?
+          new_master_password_salt = rbnacl_random_bytes
+          new_master_password_hash = rbnacl_scrypt_hash(new_master_password, new_master_password_salt)
+          vault_key = rbnacl_random_bytes
+          vault = rbnacl_box(new_master_password_hash)
+          encrypted_vault_key = vault.encrypt(vault_key)
 
-        new_master_pw_info = generate_master_pw_hash(new_master_pw)
-        new_master_pw_hash = new_master_pw_info[:master_pw_hash]
-        new_master_pw_salt = new_master_pw_info[:salt]
+          new_password_data = @stored_passwords.map do |stored_password|
+            info = {}
+            info['website_title'] = stored_password[:website_title]
+            info['username'] = retrieve_password_info(stored_password[:dir_name], 'username')
+            info['password'] = retrieve_password_info(stored_password[:dir_name], 'password')
+            info
+          end
 
-        @stored_passwords.each do |stored_password|
-          pw_info = get_pw_file(stored_password)
-          pw = decrypt_pw(pw_info['iv'], pw_info['password'], @master_pw, @master_pw_salt)
-          pw_info_for_file = make_pw_info(pw_info['username'], pw, new_master_pw, new_master_pw_salt)
-          write_pw_to_file(stored_password, **pw_info_for_file)
+          FileUtils.copy_entry(pwmanager_dir, pwmanager_tmp_dir)
+          FileUtils.remove_entry_secure(pwmanager_dir)
+          @vault = rbnacl_box(vault_key)
+          make_pwmanager_dir
+          new_password_data.each do |new_password|
+            website_title = new_password['website_title']
+            username = new_password['username']
+            password = new_password['password']
+            save_password(website_title, username, password, password)
+          end
+          FileUtils.remove_entry_secure(pwmanager_tmp_dir)
+          write_master_info(new_master_password_salt, encrypted_vault_key)
+          @master_password_salt = master_password_salt
+          @master_encrypted_vault_key = encrypted_vault_key
+          true
+        else
+          false
+        end
+      end
+
+      def authenticated?
+        @authenticated
+      end
+
+      def update_stored_passwords!
+        @stored_passwords = get_stored_pws.map do |stored_password|
+          {
+            'dir_name': stored_password,
+            'website_title': decode_encrypted_utf8_string(stored_password),
+            'username': retrieve_password_info(stored_password, 'username')
+          }
         end
+      end
+
+      private
+
+      def rbnacl_box(key)
+        RbNaCl::SimpleBox.from_secret_key(key)
+      end
+
+      def rbnacl_random_bytes
+        RbNaCl::Random.random_bytes(RbNaCl::PasswordHash::SCrypt::SALTBYTES)
+      end
+
+      def rbnacl_scrypt_hash(password, salt)
+        RbNaCl::PasswordHash.scrypt(password, salt, OPSLIMIT, MEMLIMIT, DIGEST_SIZE)
+      end
+
+      def decode_encrypted_utf8_string(encrypted_string)
+        decoded_data = Base64.urlsafe_decode64(encrypted_string)
+        @vault.decrypt(decoded_data)
+      end
 
-        write_pw_to_file('master', password: new_master_pw_hash, salt: new_master_pw_salt)
-        @master_pw_hash = get_master_pw_info
-        @master_pw = new_master_pw
-        @master_pw_salt = new_master_pw_salt
-        true
+      def write_master_info(master_password_salt, master_vault_key)
+        write_to_file(password_file('master_password_salt'), master_password_salt, true)
+        write_to_file(password_file('master_encrypted_vault_key'), master_vault_key, true)
       end
     end
   end
-end
+end

data/lib/base/editor/password_object_editor.rb

@@ -1,12 +1,14 @@
-require "base/password_object"
-require "file_utils/file_utils"
-require "pw_utils/pw_utils"
+# frozen_string_literal: true
+
+require 'base/password_object'
+require 'file_utils/adamantite_file_utils'
+require 'pw_utils/pw_utils'
 
 module Adamantite
   module Base
     module Editor
       class PasswordObjectEditor
-        include FileUtils
+        include AdamantiteFileUtils
         include PWUtils
 
         # editable_user provides the temporary user object for editing
@@ -14,10 +16,9 @@ module Adamantite
 
         # initializes a user editor with nil when creating a new user
         # or with an existing user when editing an existing user
-        def initialize(master_pw, master_pw_salt, password_object = nil)
+        def initialize(adamantite, password_object = nil)
           @password_object = password_object || PasswordObject.new
-          @master_pw = master_pw
-          @master_pw_salt = master_pw_salt
+          @adamantite = adamantite
           reset_editable_password_object
         end
 
@@ -32,12 +33,17 @@ module Adamantite
         # saves editable user data and returns final user to add to DB/File/Array/etc...
         def save
           return false unless @password_object.password == @password_object.password_confirmation
+
           @password_object.website_title = @editable_password_object.website_title
           @password_object.username = @editable_password_object.username
           @password_object.password = @editable_password_object.password
           @password_object.password_confirmation = @editable_password_object.password_confirmation
-          pw_info_for_file = make_pw_info(@password_object.username, @password_object.password, @master_pw, @master_pw_salt)
-          write_pw_to_file(@password_object.website_title, **pw_info_for_file)
+          @password_object.dir_name = @adamantite.save_password(@password_object.website_title,
+                                                                @password_object.username,
+                                                                @password_object.password,
+                                                                @password_object.password_confirmation)
+
+          @adamantite.delete_password(@password_object.initial_dir_name) if @password_object.initial_dir_name
           @password_object
         end
 
@@ -48,4 +54,4 @@ module Adamantite
       end
     end
   end
-end
+end

data/lib/base/password_object.rb

@@ -1,15 +1,20 @@
+# frozen_string_literal: true
+
 module Adamantite
   module Base
     class PasswordObject
-      attr_accessor :website_title, :username, :password, :password_confirmation, :row_index
+      attr_accessor :website_title, :username, :password, :password_confirmation,
+                    :row_index, :dir_name, :initial_dir_name
 
-      def initialize(website_title = nil, username = nil, password = nil, password_confirmation = nil, row_index = nil)
+      def initialize(website_title = nil, username = nil, password = nil,
+                     password_confirmation = nil, row_index = nil, initial_dir_name = nil)
         @website_title = website_title
         @username = username
         @password = password
         @password_confirmation = password_confirmation
         @row_index = row_index
+        @initial_dir_name = initial_dir_name
       end
     end
   end
-end
+end

data/lib/file_utils/adamantite_file_utils.rb

@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module Adamantite
+  module AdamantiteFileUtils
+    def home_dir
+      ENV['HOME']
+    end
+
+    def pwmanager_dir
+      File.join(home_dir, '.adamantite')
+    end
+
+    def pwmanager_tmp_dir
+      File.join(home_dir, '.adamantite_tmp')
+    end
+
+    def pwmanager_dir_exists?
+      Dir.exist?(pwmanager_dir)
+    end
+
+    def make_pwmanager_dir
+      Dir.mkdir(pwmanager_dir)
+    end
+
+    def make_password_dir(password_dir_title)
+      Dir.mkdir(File.join(pwmanager_dir, password_dir_title))
+    end
+
+    def pw_file(title)
+      File.join(pwmanager_dir, title)
+    end
+
+    def password_file(*args)
+      File.join(pwmanager_dir, *args)
+    end
+
+    def pw_file_exists?(title)
+      File.exist?(pw_file(title))
+    end
+
+    def write_pw_to_file(title, **kwargs)
+      make_pwmanager_dir unless pwmanager_dir_exists?
+
+      File.open(pw_file(title), 'w') do |f|
+        JSON.dump(kwargs, f)
+      end
+    end
+
+    def write_to_file(file_name, file_contents, binary)
+      if binary
+        File.open(file_name, 'wb') do |f|
+          f.write(file_contents)
+        end
+      else
+        File.open(file_name, 'w') do |f|
+          f.write(file_contents)
+        end
+      end
+    end
+
+    def read_file(file_name, binary)
+      if binary
+        File.open(file_name, 'rb', &:read)
+      else
+        File.open(file_name, 'r', &:read)
+      end
+    end
+
+    def delete_pw_file(title)
+      File.delete(pw_file(title))
+    end
+
+    def get_pw_file(title)
+      JSON.load_file(pw_file(title))
+    end
+
+    def get_master_password_info
+      get_pw_file('master')
+    end
+
+    def get_master_password_hash
+      File.open(pw_file('master_password_hash'), 'rb', &:read)
+    end
+
+    def get_master_password_salt
+      File.open(pw_file('master_password_salt'), 'rb', &:read)
+    end
+
+    def get_master_encrypted_vault_key
+      File.open(pw_file('master_encrypted_vault_key'), 'rb', &:read)
+    end
+
+    def get_stored_pws
+      excluded_filenames = ['.', '..', 'master_password_hash', 'master_password_salt', 'master_encrypted_vault_key']
+      Dir.entries(pwmanager_dir).filter { |f| !excluded_filenames.include?(f) }
+    end
+
+    def master_password_exists?
+      pw_file_exists?('master_encrypted_vault_key') && pw_file_exists?('master_password_salt')
+    end
+  end
+end