keybox 1.0.0

data/lib/keybox/storage.rb

@@ -0,0 +1,2 @@
+require 'keybox/storage/record'
+require 'keybox/storage/container'

data/lib/keybox/storage/container.rb

@@ -0,0 +1,307 @@
+require 'keybox/cipher'
+require 'keybox/digest'
+require 'keybox/storage/record'
+require 'keybox/uuid'
+require 'keybox/randomizer'
+require 'keybox/error'
+require 'openssl'
+require 'yaml'
+
+module Keybox
+    module Storage
+        ##
+        # The container of the Keybox records.  The Container itself is
+        # a Keybox::Storage::Record with a few extra methods.
+        #
+        # A instance of a Container is created with a assprhase and a
+        # path to a file.  The passphrase can be anything that has a
+        # to_s method.
+        #
+        #   container = Keybox::Storage::Container.new("i love ruby", "/tmp/database.yml")
+        #
+        # This will load from the given file with the given passphrase
+        # if the file exists, or it will initalize the container to
+        # accept records.
+        #
+        # The records are held decrypted in memory, so keep that in mind
+        # if that is a concern.
+        #  
+        # Add Records
+        #
+        #   record = Keybox::Storage::Record.new
+        #   record.field1 = "data"
+        #   record.field1 = "some more data"
+        #   
+        #   container << record
+        #
+        # Delete Records
+        #
+        #   container.delete(record)
+        # 
+        # There is no 'update' record, just delete it and add it.
+        #
+        # Find a record accepts a string and will look in all the
+        # records it contains for anything that matches it.  It coerces
+        # strings into +Regexp+ so any regex can be used here too.
+        #
+        #   container.find("data")
+        #
+        # Report if the container or any of its records have been
+        # modified:
+        #
+        #   container.modified?
+        #
+        # Save the container to its default location:
+        #
+        #   container.save
+        #
+        # Or to some other location
+        #
+        #   container.save("/some/other/path.yml")
+        # 
+        # Direct access to the decrypted records is also available
+        # through the +records+ accessor.
+        #
+        #   container.records #=> Array of Keybox::Storage::Record
+        #
+        class Container < Keybox::Storage::Record
+
+            attr_reader     :records
+
+            ITERATIONS = 2048 
+            def initialize(passphrase,path)
+                super()
+
+                @path        = path
+                @passphrase  = passphrase
+                @records     = []
+
+                if not load_from_file then
+                    self.version                    = Keybox::VERSION
+                    
+                    self.key_calc_iterations        = ITERATIONS
+                    self.key_digest_salt            = Keybox::RandomDevice.random_bytes(32)
+                    self.key_digest_algorithm       = Keybox::Digest::DEFAULT_ALGORITHM
+                    self.key_digest                 = calculated_key_digest(passphrase)
+
+                    self.records_init_vector        = Keybox::RandomDevice.random_bytes(16)
+                    self.records_cipher_algorithm   = Keybox::Cipher::DEFAULT_ALGORITHM
+
+                    self.records_encrypted_data     = ""
+                    self.records_digest_salt        = Keybox::RandomDevice.random_bytes(32)
+                    self.records_digest_algorithm   = Keybox::Digest::DEFAULT_ALGORITHM
+                    self.records_digest             = ""
+                end
+            end
+
+            #
+            # Change the master password of the container
+            #
+            def passphrase=(new_passphrase)
+                @passphrase                 = new_passphrase
+                self.key_digest_salt        = Keybox::RandomDevice.random_bytes(32)
+                self.key_digest             = calculated_key_digest(new_passphrase)
+                self.records_init_vector    = Keybox::RandomDevice.random_bytes(16)
+                self.records_digest_salt    = Keybox::RandomDevice.random_bytes(32)
+            end
+
+            #
+            # load from file, if this is successful then replace the
+            # existing member fields on this instance with the data from
+            # the file
+            #
+            def load_from_file
+                return false unless File.exists?(@path)
+                return false unless tmp = YAML.load_file(@path)
+                @creation_time      = tmp.creation_time
+                @modification_time  = tmp.modification_time
+                @last_access_time   = tmp.last_access_time
+                @data_members       = tmp.data_members
+                @uuid               = tmp.uuid
+                validate_passphrase
+                decrypt_records
+                validate_decryption
+                load_records
+                @modified = false
+                true
+            end
+
+            #
+            # save the current container to a file
+            #
+            def save(path = @path)
+                calculate_records_digest 
+                encrypt_records
+                File.open(path,"w") do |f|
+                    f.write(self.to_yaml)
+                end
+
+                # mark everything as not modified
+                @records.each do |record|
+                    record.modified = false
+                end
+                @modified = false
+            end
+
+            #
+            # calculate the encryption key from the initial passphrase
+            #
+            def calculated_key(passphrase = @passphrase)
+                key = self.key_digest_salt + passphrase
+                self.key_calc_iterations.times do 
+                    key = Keybox::Digest::CLASSES[self.key_digest_algorithm].digest(key)
+                end
+                return key
+            end
+
+            # 
+            # calculate the key digest of the encryption key
+            #
+            def calculated_key_digest(passphrase)
+                Keybox::Digest::CLASSES[self.key_digest_algorithm].hexdigest(calculated_key(passphrase))
+            end
+
+            #
+            # Add a record to the system
+            #
+            def <<(obj)
+                if obj.respond_to?("needs_container_passphrase?") and obj.needs_container_passphrase? then
+                    obj.container_passphrase = @passphrase
+                end
+                @records << obj
+            end
+
+            #
+            # The number of Records in the Container
+            #
+            def length
+                @records.size
+            end
+
+            #
+            # The number of Records in the Container
+            #
+            def size
+                @records.size
+            end
+
+            #
+            # Delete a record from the system, we force a modified flag
+            # here since the underlying Record wasn't 'assigned to' we
+            # have to force modification notification.
+            #
+            def delete(obj)
+                @records.delete(obj)
+                @modified = true
+            end
+
+            #
+            # Search only records that have a +url+ field
+            #
+            def find_by_url(url)
+                find(url,%w(url))
+            end
+
+            #
+            # Search all the records in the database finding any that
+            # match the search string passed in.  The Search string is
+            # converted to a Regexp before beginning.
+            #
+            # A list of restricted fields can also be passed in and the
+            # regexp will only be matched against those fields
+            #
+            def find(search_string,restricted_to = nil)
+                regex = Regexp.new(search_string)
+                matches = []
+                @records.each do |record|
+                    restricted_to = restricted_to || ( record.fields - %w(password) )
+                    record.data_members.each_pair do |k,v|
+                        if regex.match(v) and restricted_to.include?(k.to_s) then
+                            matches << record
+                            break
+                        end
+                    end
+                end
+                return matches
+            end
+
+            #
+            # See if we are modified, or if any of the records are
+            # modified
+            #
+            def modified?
+                return true if super
+                @records.each do |record|
+                    return true if record.modified?
+                end
+                return false
+            end
+
+            private
+
+            #
+            # calculate the key digest of the input pass phrase and
+            # compare that to the digest in the data file.  If they are
+            # the same, then the pass phrase should be the correct one
+            # for the data.
+            #
+            def validate_passphrase
+                raise Keybox::ValidationError, "Passphrase digests do not match.  The passphrase given does not decrypt the data in this file." unless key_digest == calculated_key_digest(@passphrase)
+            end
+
+            #
+            # encrypt the data in the records and store it in
+            # records_encrypted_data
+            #
+            def encrypt_records
+                cipher     = OpenSSL::Cipher::Cipher.new(self.records_cipher_algorithm)
+                cipher.encrypt
+                cipher.key = calculated_key
+                cipher.iv  = self.records_init_vector
+                self.records_encrypted_data  = cipher.update(@records.to_yaml) 
+                self.records_encrypted_data << cipher.final
+            end
+
+            #
+            # decrypt the data in the record_data and store it in
+            # records
+            #
+            def decrypt_records
+                cipher     = OpenSSL::Cipher::Cipher.new(self.records_cipher_algorithm)
+                cipher.decrypt
+                cipher.key = calculated_key
+                cipher.iv  = self.records_init_vector
+                @decrypted_yaml  = cipher.update(self.records_encrypted_data)
+                @decrypted_yaml << cipher.final
+            end
+
+            #
+            # make sure that the decrypted data is validated against its
+            # hash
+            #
+            def validate_decryption
+                digest = Keybox::Digest::CLASSES[self.records_digest_algorithm]
+                hexdigest = digest.hexdigest(self.records_digest_salt + @decrypted_yaml)
+                raise Keybox::ValidationError, "Record digests do not match. The given passphrase does not decrypt the data." unless hexdigest == self.records_digest
+            end
+
+
+            def calculate_records_digest
+                digest = Keybox::Digest::CLASSES[self.records_digest_algorithm]
+                self.records_digest = digest.hexdigest(self.records_digest_salt + @records.to_yaml)
+            end
+
+            def load_records
+                @records = YAML.load(@decrypted_yaml)
+
+                # if a record wants, it can have a reference to the
+                # container.
+                @records.each do |record|
+                    if record.respond_to?("needs_container_passphrase?") and record.needs_container_passphrase? then
+                        record.container_passphrase = @passphrase
+                    end
+                end
+            end
+       end
+    end
+end

data/lib/keybox/storage/record.rb

@@ -0,0 +1,103 @@
+module Keybox
+    module Storage
+
+        ## 
+        # Record is very similar to an OStruct but it keeps track of the
+        # last access, creation and modification times of the object.
+        # Each Record also has a UUID for unique identification.
+        #
+        #   rec = Keybox::Storage::Record.new
+        #
+        #   rec.modified?                   # => false
+        #   rec.some_field = "some value"   # => "some value"
+        #   rec.modified?                   # => true
+        #   rec.modification_time           # => Time
+        #   rec.data_members                # => { :some_field => "some value" }
+        #   rec.uuid.to_s                   # => "4b25074d-d3c5-23cd-bf9f-e28d8c8d453d"
+        #
+        # The +creation_time+, +modification_time+ and +last_access_time+ of
+        # each field in the Record is recorded.
+        #
+        # The UUID is create when the class is instantiated.
+        #
+        class Record 
+
+            attr_reader :creation_time
+            attr_reader :modification_time
+            attr_reader :last_access_time
+            attr_reader :uuid
+            attr_reader :data_members
+
+            PROTECTED_METHODS = [ :creation_time=, :modification_time=, :last_access_time=, 
+                                  :uuid=, :data_members=, :modified, ]
+            def initialize
+                @creation_time     = Time.now
+                @modification_time = @creation_time.dup
+                @last_access_time  = @creation_time.dup
+                @uuid              = Keybox::UUID.new
+                @data_members      = Hash.new
+                @modified          = false
+            end
+
+            def modified?
+                # since this class can be loaded from a YAML file and
+                # modified is not stored in the serialized format, if
+                # @modified is not initialized, initialize it.
+                if not instance_variables.include?("@modified") then
+                    @modified = false
+                end
+                @modified
+            end
+
+            # this is here so that after this class has been serialized
+            # to a file the container can mark it as clean.  The class
+            # should take care of marking itself dirty.
+            def modified=(value)
+                @modified = value
+            end
+
+            def method_missing(method_id, *args)
+                method_name = method_id.id2name
+                member_sym  = method_name.gsub(/=/,'').to_sym
+
+                # guard against assigning to the time data members and
+                # the data_members element
+                if PROTECTED_METHODS.include?(method_id) then
+                    raise NoMethodError, "invalid method #{method_name} for #{self.class.name}", caller(1)
+                end
+
+                # if the method ends with '=' and has a single argument,
+                # then convert the name to the appropriate data member
+                # and store the argument in the hash. 
+                if method_name[-1].chr == "=" then
+                    raise ArgumentError, "'#{method_name}' requires one and only one argument", caller(1) unless args.size == 1
+                    @data_members[member_sym] = args[0]
+                    @modified = true
+                    @modification_time        = Time.now
+                    @last_access_time         = @modification_time.dup
+                elsif args.size == 0 then
+                    @last_access_time = Time.now
+                    @data_members[member_sym]
+                else
+                    raise NoMethodError, "undefined method #{method_name} for #{self.class.name}", caller(1)
+                end
+            end
+
+            def to_yaml_properties
+                %w{ @creation_time @modification_time @last_access_time @data_members @uuid }
+            end
+
+            def ==(other)
+                self.eql?(other)
+            end
+
+            def eql?(other)
+                if other.kind_of?(Keybox::Storage::Record) then
+                    self.uuid == other.uuid
+                else
+                    self.uuid == other
+                end
+            end
+        end
+    end
+end

data/lib/keybox/string_generator.rb

@@ -0,0 +1,194 @@
+require 'keybox/randomizer'
+
+module Keybox
+
+    # base class for string generation.  A string generator can be
+    # called serially to generate a new string in chunks, or all at once
+    # to generate one of a certain size.
+    class StringGenerator
+        attr_accessor :chunks
+        attr_accessor :min_length
+        attr_accessor :max_length
+        attr_accessor :autoclear
+
+        def initialize
+            @chunks = Array.new
+            @min_length = 8
+            @max_length = 10
+            @randomizer = Keybox::Randomizer.new
+            @autoclear = true
+        end
+
+        def generate
+            clear if autoclear
+            generate_chunk until valid?
+            self.to_s
+        end
+
+        def clear
+            @chunks.clear
+        end
+
+        def to_s
+            @chunks.join('')[0...@max_length]
+        end
+
+        def valid?
+            raise Keybox::ValidationError, "max_length (#{max_length}) must be greater than or equal to min_length (#{min_length})", caller if max_length < min_length
+            @chunks.join('').size >= @min_length 
+        end
+
+        def generate_chunk
+            raise Keybox::KeyboxError, "generate_chunk Not Implemented"
+        end
+
+    end
+
+    # CharGramGenerator emits a sequence that is a CharGram of length N.
+    # The ngrams can be the default ones that ship with keybox or an
+    # array passed in.
+    class CharGramGenerator < StringGenerator
+        attr_reader :pool
+
+
+        def initialize(chargram_list = nil)
+            super()
+            wordlist = chargram_list || load_default_chargram_list
+            @pool          = Hash.new
+            wordlist.each do |word|
+                letters = word.split('')
+                letter_set = @pool[letters.first] ||= Array.new
+                letter_set << word
+            end
+        end
+
+        def size
+            @pool.inject(0) { |sum,h| sum + h[1].size }
+        end
+
+        # return a random chargram from the pool indidcated by the last
+        # character of the last emitted item
+        def generate_chunk
+            pool_key = ""
+            if @chunks.size > 0 then
+                pool_key = @chunks.pop
+            else
+                pool_key = @randomizer.pick_one_from(@pool.keys)
+            end
+            new_chunk = @randomizer.pick_one_from(@pool[pool_key])
+            @chunks.concat(new_chunk.split(//))
+            new_chunk
+        end
+
+        private
+
+        def load_default_chargram_list
+            list = []
+            File.open(File.join(Keybox::APP_DATA_DIR,"chargrams.txt")) do |f|
+                f.each_line do |line|
+                    next if line =~ /^#/
+                    list << line.rstrip
+                end
+            end
+            list
+        end
+    end
+
+    module SymbolSet
+        LOWER_ASCII   = ("a".."z").to_a
+        UPPER_ASCII   = ("A".."Z").to_a
+        NUMERAL_ASCII = ("0".."9").to_a
+        SPECIAL_ASCII = ("!".."/").to_a + (":".."@").to_a + %w( [ ] ^ _ { } | ~ )
+        ALL = LOWER_ASCII + UPPER_ASCII + NUMERAL_ASCII + SPECIAL_ASCII
+
+        MAPPING = {
+            "lower"     => LOWER_ASCII,
+            "upper"     => UPPER_ASCII,
+            "numerical" => NUMERAL_ASCII,
+            "special"   => SPECIAL_ASCII,
+            "all"       => ALL
+        }
+    end
+
+    # 
+    # SymbolSetGenerator uses symbol sets and emits a single character
+    # from the aggregated symobl sets that the instance is wrapping.
+    #
+    # That is When a SymbolSetGenerator is instantiated, it can take a
+    # list of symbol sets (a-z, A-Z, 0-9) etc as parameters.  Those sets
+    # are merged and when 'emit' is called a string of length 1 is
+    # returned from the aggregated symbols
+    #
+    class SymbolSetGenerator < StringGenerator
+        include SymbolSet
+
+        attr_accessor :required_sets
+        
+        def initialize(set = ALL)
+            super()
+            @symbols = set.flatten.uniq
+            @required_sets = []
+        end
+
+        # every time we access the symbols set we need to make sure that
+        # the required symbols are a part of it, and if they aren't then
+        # make sure they are.
+        def symbols
+            if @required_sets.size > 0 then
+                if not @symbols.include?(@required_sets.first[0]) then
+                    @symbols << @required_sets
+                    @symbols.flatten!
+                    @symbols.uniq!
+                end
+            end
+            @symbols 
+        end
+
+        def required_generated?
+            result = true
+            @required_sets.each do |set|
+                set_found = false
+                @chunks.each do |chunk|
+                    if set.include?(chunk) then
+                        set_found = true
+                        break
+                    end
+                end
+                result = (result and set_found)
+            end
+            return result
+        end
+
+        # we force generation of the required sets at the beginning the
+        # first time we are called.
+        def generate_chunk
+            chunk = ""
+            if required_generated? then
+                @chunks << @randomizer.pick_one_from(symbols)
+                chunk = @chunks.last
+            else
+                req = generate_required
+                @chunks.concat(req)
+                chunk = req.join('')
+            end
+            return chunk
+        end
+
+        # valid for the symbol set generator means the parent classes
+        # validity and that we have in the 
+        def valid?
+            super and required_generated?
+        end
+
+        private
+
+        # generate symbols from the required sets 
+        def generate_required
+            req = []
+            required_sets.each do |set|
+                req << @randomizer.pick_one_from(set)
+            end
+            return req
+        end
+    end
+end