clandestine 0.0.1 → 0.1.0

data/lib/clandestine/commands/remove_safe.rb

@@ -0,0 +1,18 @@
+require_relative '../safe'
+
+module Clandestine
+  class RemoveSafe
+    attr_reader :safe_password
+    private :safe_password
+
+    def initialize(safe_password)
+      @safe_password = safe_password
+    end
+
+    def remove
+      Safe.new(safe_password).open do |safe|
+        safe.remove
+      end
+    end
+  end
+end

data/lib/clandestine/commands/update.rb

@@ -0,0 +1,32 @@
+require_relative '../safe'
+require_relative '../io'
+require_relative '../password_generator'
+
+module Clandestine
+  module Commands
+    class Update
+      attr_reader :safe_password, :key
+      private :safe_password, :key
+
+      def initialize(safe_password, key = nil)
+        @safe_password = safe_password
+        @key = key.to_sym if key
+      end
+
+      def update
+        Safe.new(safe_password).open do |safe|
+          if key
+            if safe[key]
+              safe.add(key, PasswordGenerator.random_password)
+            else
+              false
+            end
+          else
+            new_password = IO.get_password(true).chomp
+            safe.update_safe_password(new_password)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/clandestine/crypt.rb

@@ -1,29 +1,52 @@
+require 'base64'
+require 'bcrypt'
+require_relative 'clandestine_error'
+
 module Clandestine
-  # This module provides encrypt 
-  # and decrypt methods using aes-256-cbc
   module Crypt
-  
-    def encrypt(data, password)
-      Base64.encode64 aes(:encrypt, password, data)
+    def self.hash_password(password)
+      BCrypt::Password.create(password).b
     end
-  
-    def decrypt(data, password)
-      aes(:decrypt, password, Base64.decode64(data))
+
+    def self.matches(hash, password)
+      BCrypt::Password.new(hash) == password
     end
-  
-    # Uses AES-256-CBC to encrypt data
-    # Key length is 32 bytes
-    # IV length is 16 bytes
-    # TODO Use random IV and include it in 
-    # encrypted data rather than using the same
-    # IV every time.
-    def aes(mode, password, data)
-      sha256 = Digest::SHA2.new
+
+    def self.encrypt(data, password)
+      cipher = aes(:encrypt)
+      cipher.iv = iv = cipher.random_iv
+      key_len = cipher.key_len
+      salt = OpenSSL::Random.random_bytes 16
+      cipher.key = key = get_key(password, key_len, salt)
+      encrypted = cipher.update(data) << cipher.final
+      Base64.encode64 encrypted << salt << iv
+    end
+
+    def self.decrypt(data, password)
+      data = Base64.decode64 data
+      cipher = aes(:decrypt)
+      cipher.iv = data.slice! -16..-1
+      key_len = cipher.key_len
+      salt = data.slice! -16..-1
+      cipher.key = get_key(password,key_len, salt)
+      cipher.update(data) << cipher.final
+    rescue OpenSSL::Cipher::CipherError
+      raise ClandestineError, 'Invalid password!'
+    end
+
+    private
+
+    def self.aes(type)
       aes = OpenSSL::Cipher.new("AES-256-CBC")
-      aes.send(mode)
-      aes.key = sha256.digest(password)
-      aes.iv = '0123456789012345'
-      '' << aes.update(data) << aes.final
+      aes.send type
+      aes
+    end
+
+    def self.get_key(password, length, salt)
+      iter = 20000
+      digest = OpenSSL::Digest::SHA256.new
+      OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iter, length, digest)
     end
+
   end
 end

data/lib/clandestine/io.rb

@@ -0,0 +1,32 @@
+require 'highline/import'
+
+module Clandestine
+  class IO
+    def self.copy_to_clipboard(value)
+      ::IO.popen('pbcopy', 'w') { |b| b.print "#{value}" }
+      say("Password on clipboard countdown: ")
+      10.downto(1) do |n|
+        sleep(1);
+        n == 1 ? say("1") : say("#{n} ")
+      end
+      ::IO.popen('pbcopy', 'w') { |b| b.print "" }
+    end
+
+    def self.print_keys(contents)
+      puts "-------------"
+      puts "Safe Contents"
+      puts "-------------"
+      contents.sort.each { |key| puts key.to_s }
+    end
+
+    def self.get_password(safe_password = false)
+      message = if safe_password
+        "Enter the new safe password"
+      else
+        "Enter the safe password"
+      end
+      ask(message) { |q| q.echo = "*" }
+    end
+
+  end
+end

data/lib/clandestine/password_generator.rb

@@ -0,0 +1,18 @@
+module Clandestine
+  class PasswordGenerator
+    LETTERS = ('a'..'z').to_a + ('A'..'Z').to_a
+    NUMS = ('0'..'9').to_a * 5
+    CHARS = ['!', '@', '#', '$', '%', '^', '&', '*', '(', ')'] * 5
+
+    def self.random_password
+      password = ''
+      generator = Random.new(Random.srand)
+      chars = LETTERS + NUMS + CHARS
+      chars.shuffle!
+      12.times do |n|
+        password << chars[generator.rand(0..chars.size - 1)]
+      end
+      password
+    end
+  end
+end

data/lib/clandestine/safe.rb

@@ -1,54 +1,81 @@
+require 'pstore'
+require_relative 'crypt'
+require_relative 'safe_location'
+require_relative 'safe_authentication'
+
 module Clandestine
-  # The Safe class interacts with a file (safe),
-  # storing, retrieving, or removing data from it.
   class Safe
-    include Clandestine::Crypt
-    include Clandestine::Config
-    
-    # Default initialization of safe 
-    # in PASSWORD_SAFE location
-    def initialize(safe_location = Clandestine::Config::CONFIG_PATH)
-      @safe_location = safe_location
-      File.new @safe_location, 'w' unless File.exists?(@safe_location) || File.symlink?(@safe_location)
-      if File.symlink?(@safe_location) && !File.exists?(File.readlink @safe_location)
-        FileUtils.rm_f File.readlink @safe_location
+
+    attr_reader :safe, :password, :location
+    private :safe, :password, :location
+
+    def initialize(password)
+      @password = password
+      @location = ENV['CLANDESTINE_SAFE'] || SAFE_LOCATION
+      @safe = PStore.new(location)
+      if first_access(location)
+        open do |s|
+          safe[:safe_password] = Crypt.hash_password(IO.get_password(true))
+        end
       end
     end
-  
-    # Empties safe by writing nil to file
-    def empty_safe
-      if File.exists? @safe_location
-        File.open(@safe_location, 'w') { |f| f << nil }
+
+    def open
+      safe.transaction do
+        yield self
       end
     end
-    
-    # Checks for contents in safe
-    def empty?
-      if File.symlink? @safe_location 
-        IO.readlines(File.readlink @safe_location).empty? if File.exists? File.readlink @safe_location
-      else
-        IO.readlines(@safe_location).empty?
-      end
+
+    def contents
+      contents = safe.roots
+      contents.delete(:safe_password)
+      contents
+    end
+
+    def [](key)
+      return if !exists?(key)
+      SafeAuthentication.authenticate(safe, password)
+      value = safe[key]
+      Crypt.decrypt(value, password)
+    end
+
+    alias :get :[]
+
+    def []=(key, value)
+      SafeAuthentication.authenticate(safe, password)
+      safe[key] = Crypt.encrypt value, password
+      true
+    end
+
+    alias :add :[]=
+
+    def delete(key)
+      SafeAuthentication.authenticate(safe, password)
+      safe.delete(key)
+      true
+    end
+
+    def update_safe_password(new_password)
+      SafeAuthentication.authenticate(safe, password)
+      safe[:safe_password] = Crypt.hash_password(new_password)
+      true
+    end
+
+    def remove
+      SafeAuthentication.authenticate(safe, password)
+      File.delete location
+      true
+    end
+
+    def exists?(key)
+      SafeAuthentication.authenticate(safe, password)
+      !safe[key].nil?
     end
-  
-    # Removes safe from file system
-    def self_destruct
-      FileUtils.rm_f File.readlink @safe_location if File.symlink? @safe_location
-      FileUtils.rm_f @safe_location
-    end
-  
-    # Unlocks the safe by decrypting the data
-    # currently in the safe with the specified password
-    # If the password is incorrect an OpenSSL::Cipher::CipherError
-    # exception is thrown
-    def unlock(password)
-       decrypt(IO.readlines(@safe_location).join, password) unless File.zero? @safe_location
-    end
-  
-    # Locks the safe by encrypting the data with the
-    # specified password
-    def lock(data, password)
-      File.open(@safe_location, 'w') { |f| f << encrypt(data, password) }
+
+    private
+
+    def first_access(location)
+      !File.exists?(location) || ::IO.readlines(location).empty?
     end
   end
 end

data/lib/clandestine/safe_authentication.rb

@@ -0,0 +1,18 @@
+require_relative 'crypt'
+require_relative 'clandestine_error'
+
+module Clandestine
+  class SafeAuthentication
+
+    def self.authenticate(safe, password)
+      abort 'Invalid password!' unless authenticated?(safe, password)
+      true
+    end
+
+    private
+
+    def self.authenticated?(safe, password)
+      Crypt.matches(safe[:safe_password], password)
+    end
+  end
+end

data/lib/clandestine/safe_location.rb

@@ -0,0 +1,3 @@
+module Clandestine
+  SAFE_LOCATION = "#{ENV['HOME']}/.cls"
+end

data/lib/clandestine/version.rb

@@ -1,3 +1,3 @@
 module Clandestine
-  VERSION = "0.0.1"
+  VERSION = "0.1.0"
 end

data/spec/commands_spec.rb

@@ -0,0 +1,98 @@
+require 'spec_helper'
+require 'clandestine/commands'
+require 'clandestine/crypt'
+require 'clandestine/safe'
+require 'bcrypt'
+require 'pstore'
+
+module Clandestine
+  describe Commands do
+
+    before :each do
+      @temp_dir = File.dirname(__FILE__) + "/tmp"
+      Dir.mkdir(@temp_dir) unless File.exists? @temp_dir
+      ENV['CLANDESTINE_SAFE'] = "#{@temp_dir}/pswds"
+      store = PStore.new "#{@temp_dir}/pswds"
+      store.transaction do |s|
+        s[:safe_password] = BCrypt::Password.create 'password'
+        s[:gmail] = Crypt.encrypt 'gmail_password', 'password'
+      end
+    end
+
+    after :each do
+      passwords = "#{@temp_dir}/pswds"
+      File.delete passwords if File.exists? passwords
+      Dir.rmdir @temp_dir if File.exists? @temp_dir
+    end
+
+    describe '.version' do
+      it 'prints version' do
+        Commands.version.should eq VERSION
+      end
+    end
+
+    describe '.add' do
+      it 'adds key and password to safe' do
+        PasswordGenerator.should_receive(:random_password).and_return 'twitter_password'
+        Commands.add 'twitter', 'password'
+        Safe.new('password').open do |s|
+          s[:twitter].should eq 'twitter_password'
+        end
+      end
+    end
+
+    describe '.get' do
+      context 'without argument' do
+        it 'prints accounts' do
+          Commands.get(nil, 'password').should eq [:gmail]
+        end
+      end
+
+      context 'with argument' do
+        it 'gets password for key from safe' do
+          IO.should_receive(:get_password).and_return "password"
+          Commands.get('gmail').should eq 'gmail_password'
+        end
+      end
+    end
+
+    describe '.delete' do
+      context 'with argument' do
+        it 'deletes key and password from safe' do
+          Commands.delete 'gmail', 'password'
+          Safe.new('password').open do |s|
+            s.contents.should be_empty
+          end
+        end
+      end
+    end
+
+    describe '.update' do
+      it 'updates password related to key' do
+        PasswordGenerator.should_receive(:random_password).and_return 'updated_password'
+        Commands.update 'gmail', 'password'
+        Safe.new('password').open do |s|
+          s[:gmail].should eq 'updated_password'
+        end
+      end
+    end
+
+    describe '.location' do
+      it 'shows current safe location' do
+        Commands.location.should eq "#{@temp_dir}/pswds"
+      end
+
+      it 'defaults to ENV["HOME"]/.pswds' do
+        ENV.delete('CLANDESTINE_SAFE')
+        Commands.location.should eq "#{ENV['HOME']}/.cls"
+      end
+    end
+
+    describe '.remove' do
+      it 'removes safe from file system' do
+        Commands.remove 'password'
+        File.exists?(ENV['CLANDESTINE_SAFE'] = "#{@temp_dir}/pswds").should eq false
+      end
+    end
+  end
+end

data/spec/crypt_spec.rb

@@ -1,11 +1,26 @@
 require 'spec_helper'
+require 'clandestine/crypt'
 
 describe Clandestine::Crypt do
-  include Clandestine::Crypt
-  it "should encrypt data" do
-    encrypt("this is a test",'password').should_not eql "this is a test"
+
+  describe '#encrypt' do
+    it 'encrypts data with password' do
+      encrypted = Clandestine::Crypt.encrypt("myaccountpassword", "safe_password")
+      encrypted.should_not eql "myaccountpassword"
+      encrypted.should_not eql nil
+    end
   end
-  it "should decrypt data" do
-    decrypt(encrypt("this is a test",'password'), 'password').should eql "this is a test"
+
+  describe '#decrypt' do
+    it 'decrypts data with password' do
+      decrypted = Clandestine::Crypt.decrypt("OePyNbyDMUbza5zUVor4wWS8Tb5u26FmxGXpC9XENWeMNJYJj1WKJlDOZYxG\nXpSqHSSNaT4dhUsX+T7abgZ1qg==\n", "safe_password")
+      decrypted.should eql "myaccountpassword"
+    end
+
+    it 'does not decrypt with wrong password' do
+      expect {
+        Clandestine::Crypt.decrypt("OePyNbyDMUbza5zUVor4wWS8Tb5u26FmxGXpC9XENWeMNJYJj1WKJlDOZYxG\nXpSqHSSNaT4dhUsX+T7abgZ1qg==\n", "wrong_password")
+      }.to raise_error Clandestine::ClandestineError
+    end
   end
 end