pws 0.9.2 → 1.0.0.pre.1

data/lib/pws.rb

@@ -1,5 +1,7 @@
+# encoding: ascii
 require_relative 'pws/version'
 require_relative 'pws/encryptor'
+require_relative 'pws/format'
 
 require 'fileutils'
 require 'clipboard'
@@ -9,8 +11,9 @@ require 'paint/pa'
 
 class PWS
   class NoAccess < StandardError; end
+  class NoLegacyAccess < NoAccess; end
   
-  attr_reader :filename, :options
+  attr_reader :filename
   
   # Creates a new password safe. Takes the path to the password file, by default: ~/.pws
   # Second parameter allows namespaces that get appended to the file name (uses another safe) 
@@ -20,16 +23,7 @@ class PWS
     @filename = File.expand_path(@options[:filename])
     @filename << '-' << @options[:namespace] if @options[:namespace]
     
-    access_safe(options[:password])
-    read_safe
-  end
-  
-  def collect_options(options = {})
-    @options = options
-    @options[:filename] ||= ENV["PWS"]          || '~/.pws'
-    @options[:seconds]  ||= ENV['PWS_SECONDS']  || 10
-    @options[:length]   ||= ENV['PWS_LENGTH']   || 64
-    @options[:charpool] ||= ENV['PWS_CHARPOOL'] || (33..126).map(&:chr).join
+    read_safe(options[:password])
   end
   
   # Shows a password entry list
@@ -42,13 +36,24 @@ class PWS
       else
         keys = @data.keys
       end
-      puts Paint["Entries", :underline] + %[ in ] + @filename
-      puts keys.sort.map{ |key| %[- #{key}\n] }.join
+      
+      if keys.empty?
+        pa %[No passwords found for pattern /#{pattern}/], :red
+      else
+        puts Paint["Entries", :underline] + %[ in ] + @filename
+        longest_key_size = keys.max_by(&:size).size
+        puts keys.sort.map{ |key|
+          "- #{
+            Paint[key, :bold]
+          } #{ 
+            Time.at(@data[key][:timestamp].to_i).strftime('%y-%m-%d') if @data[key][:timestamp].to_i != 0
+          }\n"
+        }.join
+      end
     end
     return true
   rescue RegexpError
-    pa %[Invalid regex given], :red
-    return false
+    raise ArgumentError, %[Invalid regex given]
   end
   aliases_for :show, :ls, :list, :status
   
@@ -58,25 +63,45 @@ class PWS
       pa %[There is already a password stored for #{key}. You need to remove it before creating a new one!], :red
       return false
     else
-      @data[key] = password || ask_for_password(%[please enter a password for #{key}], :yellow)
-      if @data[key].empty?
-        pa %[Cannot add an empty password!], :red
-        return false
+      @data[key] = {}
+      @data[key][:password] = password || ask_for_password(%[please enter a password for #{key}], :yellow)
+      if @data[key][:password].empty?
+        raise ArgumentError, %[Cannot set an empty password!]
       else
+        @data[key][:timestamp] = Time.now.to_i
         write_safe
         pa %[The password for #{key} has been added], :green
         return true
       end
     end
   end
-  aliases_for :add, :set, :store, :create, :[]=
+  aliases_for :add, :set, :store, :create
+  
+  # Updates a password entry, params: name, password (optional, opens prompt if not given)
+  def update(key, password = nil)
+    if !@data[key]
+      pa %[There is no password stored for #{key}, so you cannot update it!], :red
+      return false
+    else
+      @data[key][:password] = password || ask_for_password(%[please enter a new password for #{key}], :yellow)
+      if @data[key][:password].empty?
+        raise ArgumentError, %[Cannot set an empty password!]
+      else
+        @data[key][:timestamp] = Time.now.to_i
+        write_safe
+        pa %[The password for #{key} has been updated], :green
+        return true
+      end
+    end
+  end
+  aliases_for :update, :change
   
   # Gets the password entry and copies it to the clipboard. The second parameter is the time in seconds it stays there
   def get(key, seconds = @options[:seconds])
-    if pw_plaintext = @data[key]
+    if password = @data[key] && @data[key][:password]
       if seconds && seconds.to_i > 0
         original_clipboard_content = Clipboard.paste
-        Clipboard.copy pw_plaintext
+        Clipboard.copy password
         pa %[The password for #{key} is now available in your clipboard for #{seconds.to_i} second#{?s if seconds.to_i > 1}], :green
         begin
           sleep seconds.to_i
@@ -87,7 +112,7 @@ class PWS
         Clipboard.copy original_clipboard_content
         return true
       else
-        Clipboard.copy pw_plaintext
+        Clipboard.copy password
         pa %[The password for #{key} has been copied to your clipboard], :green
         return true
       end
@@ -148,20 +173,25 @@ class PWS
   
   # Changes the master password
   def master(password = nil)
-    if !password
+    unless @password = password
       new_password = ask_for_password(%[please enter the new master password], :yellow, :bold)
-      password     = ask_for_password(%[please enter the new master password, again], :yellow, :bold)
-      if new_password != password
-        pa %[The passwords don't match!], :red
-        return false
+      @password    = ask_for_password(%[please enter the new master password, again], :yellow, :bold)
+      if new_password != @password
+        raise ArgumentError, %[The passwords don't match!]
       end
     end
-    @hash = Encryptor.hash(password)
     write_safe
     pa %[The master password has been changed], :green
     return true
   end
   
+  # Just writes the safe, useful for converting with --in and --out
+  def resave
+    write_safe
+    pa %[The password file has been resaved], :green
+    return true
+  end
+  
   # Prevents accidental displaying, e.g. in irb
   def to_s
     %[#<password safe>]
@@ -169,78 +199,77 @@ class PWS
   alias_for :to_s, :inspect
   
   private
+
+  def collect_options(options = {})
+    @options = options
+    @options[:filename] ||= ENV["PWS"]          || '~/.pws'
+    @options[:seconds]  ||= ENV['PWS_SECONDS']  || 10
+    @options[:length]   ||= ENV['PWS_LENGTH']   || 64
+    @options[:charpool] ||= ENV['PWS_CHARPOOL'] || (33..126).map(&:chr).join
+    @options[:in]       ||= ENV['PWS_FORMAT']   || VERSION
+    @options[:out]      ||= ENV['PWS_FORMAT']   || VERSION
+  end
   
+  # Checks if the file is accessible or create a new one
   # Tries to load and decrypt the password safe from the pwfile
-  def read_safe
-    pwdata_raw       = File.read(@filename)
-    pwdata_encrypted = pwdata_raw.force_encoding("ascii")
-    pwdata_dump      = Encryptor.decrypt(pwdata_encrypted, @hash)
-    pwdata_with_redundancy = Marshal.load(pwdata_dump)
-    @data          = remove_redundancy(pwdata_with_redundancy)
+  def read_safe(password = nil)
+    if File.file?(@filename)
+      print %[Access password safe at #@filename | ]
+      @password = password || ask_for_password(%[master password])
+      encrypted_data = File.read(@filename)
+      
+      @data = Format.read(
+        encrypted_data,
+        password: @password,
+        format: @options[:in],
+      )
+    else
+      create_safe(password)
+    end 
+
     pa %[ACCESS GRANTED], :green
-  rescue
-    fail NoAccess, %[Could not load and decrypt the password safe!]
   end
   
+  
   # Tries to encrypt and save the password safe into the pwfile
-  def write_safe(new_safe = false)
-    pwdata_with_redundancy = add_redundancy(@data || {})
-    pwdata_dump      = Marshal.dump(pwdata_with_redundancy)
-    pwdata_encrypted = Encryptor.encrypt(pwdata_dump, @hash)
-    if new_safe
-      FileUtils.mkdir_p(File.dirname(@filename))
-      FileUtils.touch(@filename)
-      File.chmod(0600, @filename)
-    end
-    File.open(@filename, 'w'){ |f| f.write(pwdata_encrypted) }
-  rescue
-    fail NoAccess, %[Could not encrypt and save the password safe!]
+  def write_safe
+    encrypted_data = Format.write(
+      @data,
+      password: @password,
+      format: @options[:out],
+      iterations: @options[:iterations], # TODO
+    )
+    File.open(@filename, 'w'){ |f| f.write(encrypted_data) }
   end
   
-  # Checks if the file is accessible or create a new one
-  def access_safe(password = nil)
-    if !File.file? @filename
-      pa %[No password safe detected, creating one at #@filename], :blue, :bold
-      @hash = Encryptor.hash password || ask_for_password(%[please enter a new master password], :yellow, :bold)
-      write_safe(true)
-    else
-      print %[Access password safe at #@filename | ]
-      @hash = Encryptor.hash password || ask_for_password(%[master password])
+  def create_safe(password = nil)
+    pa %[No password safe detected, creating one at #@filename], :blue, :bold
+    unless @password = password
+      new_password = ask_for_password(%[please enter the new master password], :yellow, :bold)
+      @password    = ask_for_password(%[please enter the new master password, again], :yellow, :bold)
+      if new_password != @password
+        raise ArgumentError, %[The passwords don't match!]
+      end
     end
-  end
-  
-  # Adds some redundancy (to conceal how much you have stored)
-  def add_redundancy(pw_data)
-    entries  = 8000 + SecureRandom.random_number(4000)
-    position = SecureRandom.random_number(entries)
-    
-    ret = entries.times.map{ # or whatever... just create noise ;)
-      { SecureRandom.uuid.chars.to_a.shuffle.join => SecureRandom.uuid.chars.to_a.shuffle.join }
-    }
-    ret[position] = pw_data
-    ret << position
     
-    ret
-  end
-  
-  # And remove it
-  def remove_redundancy(pw_data)
-    position = pw_data[-1]
-    pw_data[position]
+    FileUtils.mkdir_p(File.dirname(@filename))
+    @data = {}
+    write_safe
+    File.chmod(0600, @filename)
   end
   
   # Prompts the user for a password
   def ask_for_password(prompt = 'new password', *colors)
     print Paint["#{prompt}:".capitalize, *colors] + " "
     system 'stty -echo' if $stdin.tty?     # no more terminal output
-    pw_plaintext = ($stdin.gets||'').chop  # gets without $stdin would mistakenly read_safe from ARGV
+    password = ($stdin.gets||'').chop      # gets without $stdin would mistakenly read_safe from ARGV
     system 'stty echo'  if $stdin.tty?     # restore terminal output
     puts "\e[999D\e[K\e[1A" if $stdin.tty? # re-use prompt line in terminal
     
-    pw_plaintext
+    password
   end
 end
 
-# Command line action in bin/pws
+# Command line action in pws/runner.rb
 
 # J-_-L

data/lib/pws/encryptor.rb

@@ -1,40 +1,44 @@
 require 'openssl'
 
+# This encryptor class wraps around openssl to simplify
+# en/decryption using AES 256 CBC
+# Please note: Failed en/decryptions will raise errors
 module PWS::Encryptor
   class << self
     CIPHER = 'aes-256-cbc'
-
-    def decrypt( iv_and_data, pwhash )
-      iv, data = iv_and_data[0,16], iv_and_data[16..-1]
-      crypt :decrypt, data, pwhash, iv
-    end
-
-    def encrypt( data, pwhash )
-      iv = random_iv
-      encrypted_data = crypt :encrypt, data, pwhash, iv
-      iv + encrypted_data
+    
+    def decrypt(encrypted_data, options = {})
+      crypt(
+        :decrypt,
+        encrypted_data,
+        options[:key],
+        options[:iv],
+      )
     end
-
-    def hash( plaintext )
-      OpenSSL::Digest::SHA512.new( plaintext ).digest
+    
+    def encrypt(unecrypted_data, options = {})
+      crypt(
+        :encrypt,
+        unecrypted_data,
+        options[:key],
+        options[:iv],
+      )
     end
-
-    # you need a random iv for cbc mode. It is prepended to the encrypted text.
+    
     def random_iv
-      a = OpenSSL::Cipher.new CIPHER
-      a.random_iv
+      OpenSSL::Cipher.new(CIPHER).random_iv
     end
-
+    
     private
-
+    
     # Encrypts or decrypts the data with the password hash as key
     # NOTE: encryption exceptions do not get caught here!
-    def crypt( decrypt_or_encrypt, data, pwhash, iv )
-      c = OpenSSL::Cipher.new CIPHER
-      c.send decrypt_or_encrypt.to_sym
-      c.key = pwhash
+    def crypt(decrypt_or_encrypt, data, key, iv)
+      c = OpenSSL::Cipher.new(CIPHER)
+      c.send(decrypt_or_encrypt.to_sym)
+      c.key = key
       c.iv  = iv
-      c.update( data ) << c.final
+      c.update(data) << c.final
     end
   end
 end

data/lib/pws/format.rb

@@ -0,0 +1,103 @@
+# encoding: ascii
+require_relative '../pws'
+
+class PWS
+  # The purpose of this module is redirecting to the proper format version module
+  # It also reads and writes the generic header (identifier + pws version)
+  # Format module can be specified by two integers, support for symbols may be
+  # added sometime to support special formats
+  # See for example: pws/format/1.0
+  module Format
+    IN  = [[0,9], [1,0]]
+    OUT = [[1,0]]
+  
+    class << self
+      def read(saved_data, options = {})
+        raise ArgumentError, 'No password file given' unless saved_data
+        format = normalize_format(options.delete(:format))
+        
+        if format && !IN.include?(format)
+          raise ArgumentError, "Input format <#{format.join('.')}> is not supported"
+        end
+        
+        if format == [0,9]
+          encrypted_data = saved_data
+        else
+          raise(PWS::NoAccess, 'Password file not valid') if \
+              saved_data.size <= 11
+          identifier, *file_format, encrypted_data =
+              saved_data.unpack("a8 C2 x a*")
+          raise(PWS::NoLegacyAccess, 'Password file not valid') unless \
+              identifier == '12345678'
+          format ||= normalize_format(file_format) # --in option wins againts read file_format
+          
+          if !IN.include?(format)
+            raise PWS::NoAccess, "Input format <#{format.join('.')}> is not supported"
+          end
+        end
+        
+        
+        self[format].read(encrypted_data, options)
+      end
+      
+      def write(application_data, options)
+        format = normalize_format(options.delete(:format) || PWS::VERSION)
+        
+        raise ArgumentError, "Output format <#{format.join('.')}> is not supported" \
+            unless OUT.include?(format)
+            
+        [
+          '12345678',
+          *format,
+          self[format].write(application_data, options),
+        ].pack('a8 C2 x a*')
+      end
+      
+      # Returns the proper file format module for a given format identifier
+      # @return Module
+      def [](format)
+        error_message = 'Can only find format modules for symbols or arrays with exactly two integers'
+        case format
+        when Array
+          raise ArgumentError, error_message unless \
+              format.size == 2 && format[0].is_a?(Integer) && format[1].is_a?(Integer)
+          require_relative "format/#{ format.join('.') }"
+          module_name = "V#{ format.join('_') }"
+          return const_get(module_name)
+        when Symbol
+          require_relative "format/#{ format.to_s.gsub(/[^a-z_]/,'') }"
+          return const_get(format.capitalize)
+        end
+        
+        raise ArgumentError, error_message
+      end
+      
+      # Converts various version formats into an array of two integers
+      # Symbols won't be changed
+      def normalize_format(raw_format)
+        case raw_format 
+        when Symbol
+          return raw_format
+        when Array
+          format = raw_format[0,2]
+        when String, Float, Integer
+          format = raw_format.to_s.split('.')[0,2]
+        when nil
+          return nil
+        end
+        
+        if !format || !format.is_a?(Array) || !format[0]
+          raise ArgumentError, 'Invalid format given'
+        else
+          format.map!(&:to_i)
+          format[1] ||= 0
+        end
+        
+        format
+      end
+      
+    end#self
+  end#Format
+end#PWS
+
+# J-_-L