reedb 0.10.rc1

data/lib/reedb/security/aes.rb

@@ -0,0 +1,94 @@
+# ====================================================
+# Copyright 2015 Random Robot Softworks (see @author)
+# @author: Leander Sabel | www.2rsoftworks.de
+#
+# Distributed under the GNU Lesser GPL Version 3
+# (See accompanying LICENSE file or get a copy at
+# 	https://www.gnu.org/licenses/lgpl.html)
+# ====================================================
+
+require_relative 'encryption'
+require 'aes'
+
+module Reedb
+	class RAES < MCypher
+		def initialize
+			super # => Super constructor
+		end
+
+		# Starts the encryption and loads a key by either generating a new one
+		# or loading an encrypted one from file.
+		#
+		def start_encryption(password, raw_key = nil)
+			if raw_key != nil
+				# => Decrypting key with user password
+				@key = AES.decrypt(raw_key, password)
+			else
+				# => Generating new key and encrypting it with user pw
+				@key = AES.key
+				key_encrypted = AES.encrypt(@key, password)
+			end
+			
+			# => At this point @key should be the unencrypted key!
+			@init = true
+			return key_encrypted
+		end
+
+		# Tries to remove the unencryted key from memory as best as possible.
+		# Stops the encryption and prevents further decrypts to occur.
+		def stop_encryption
+			remove_instance_variable(:@key)
+			@init = false
+		end
+
+		# Encrypt the clear text using the encryption key
+		# Returns a base64 encoded string
+		# Throws exceptions
+		#
+		def encrypt(data)
+			begin
+				return AES.encrypt(data, @key) unless @key.nil?
+			rescue Exception => e
+				puts e.message
+				raise EncryptionFailedError.new, "An error was encountered while encrypting data"
+			end
+		end
+
+		# Decrypt the cypher text using the encryption key
+		# Returns the original clear text.
+		# Throws exceptions
+		# 
+		def decrypt(data)
+			begin
+				return AES.decrypt(data, @key) unless @key.nil?
+			rescue Exception => e
+				puts e.message
+				raise DecryptionFailedError.new, "An error was encountered while decrypting data"
+			end
+		end
+
+		# Starts the shift of the main password and creates a new key (cipher) to encrypt with the new pw
+		#
+		def init_shift
+			@tmp_key = AES.key
+		end
+
+		# Change the encryption cipher for a file in the vault.
+		#
+		def shift_cipher(file)
+			temp = AES.decrypt(file, @key) unless @key.nil?
+			return AES.encrypt(temp, @tmp_key)
+		end
+
+		# Returns new encrypted key
+		#
+		def finalise_shift(fresh)
+			@key = @tmp_key # => Finishing the cipher shift
+			key_encrypted = AES.encrypt(@tmp_key, fresh)
+			remove_instance_variable(:@tmp_key)	# => Removing insecure imprint
+
+			return key_encrypted # => To be stored in the new config file!
+		end
+	end
+
+end

data/lib/reedb/security/encryption.rb

@@ -0,0 +1,64 @@
+# ====================================================
+# Copyright 2015 Random Robot Softworks (see @author)
+# @author: Katharina Sabel | www.2rsoftworks.de
+#
+# Distributed under the GNU Lesser GPL Version 2.1
+# (See accompanying LICENSE file or get a copy at
+# 	https://www.gnu.org/licenses/lgpl.html)
+# ====================================================
+
+require 'digest'
+
+
+# Master crypt module to be extended by specific cyphers
+module Reedb
+	class MCypher
+
+		# Attribute reader to get init state of crypt module
+		#
+		attr_reader :init
+
+		def initialize()
+			@init = false
+		end
+
+		def start_encryption
+		end
+
+		def stop_encryption
+		end
+
+		def encrypt(string)
+		end
+
+		def decrypt(string)
+		end
+	end
+
+	class SecurityUtils
+
+		# => Returns 190 bit tiger hash
+		# DO NOT USE FOR PASSWORD HASHING!
+		# Used to hash file-names in vaults
+		#
+		def self.tiger_hash(string)
+			if Reedb::verbose?
+				DaemonLogger.write("[FIX ME]: t_hash is a broken function!", "warn")
+			end
+			return self.sha512_hash("#{string}")
+			# Digest::Tiger.hexdigest("#{string}")
+		end
+
+		# => Returns 64 byte sha hash.
+		# DO NOT USE FOR PASSWORD HASHING!
+		# Used for integrety checking files
+		#
+		def self.sha512_hash(string)
+			return Digest::SHA256.hexdigest("#{string}")
+		end
+
+		def self.name_col_hash(string)
+			return "---#{string}"
+		end
+	end
+end

data/lib/reedb/security/multifish.rb

@@ -0,0 +1,15 @@
+# ====================================================
+# Copyright 2015 Random Robot Softworks (see @author)
+# @author: Katharina Sabel | www.2rsoftworks.de
+#
+# Distributed under the GNU Lesser GPL Version 2.1
+# (See accompanying LICENSE file or get a copy at
+# 	https://www.gnu.org/licenses/lgpl.html)
+# ====================================================
+
+module Reedb
+	class MLE
+
+	end
+end
+

data/lib/reedb/security/secure_hash.rb

@@ -0,0 +1,131 @@
+# Password Hashing With PBKDF2 (http://crackstation.net/hashing-security.htm).
+# Copyright (c) 2013, Taylor Hornby
+#
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions are met:
+# 
+# 1. Redistributions of source code must retain the above copyright notice, 
+# this list of conditions and the following disclaimer.
+# 
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation 
+# and/or other materials provided with the distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
+# POSSIBILITY OF SUCH DAMAGE.
+
+require 'securerandom'
+require 'openssl'
+require 'base64'
+
+# Salted password hashing with SHA2.
+# Authors: @RedragonX (dicesoft.net), havoc AT defuse.ca 
+#          @SpaceKookie, spacekookie AT c-base.org
+#
+# www: http://crackstation.net/hashing-security.htm
+module Reedb
+
+  class SecureHash
+
+    # Constants for the hashing process.
+    # Can be changed without breaking existing hashes!
+    PBKDF2_ITERATIONS = 10000
+    SALT_BYTE_SIZE = 32
+    HASH_BYTE_SIZE = 24
+
+    HASH_SECTIONS = 3
+    SECTION_DELIMITER = '::'
+    ITERATIONS_INDEX = 0
+    SALT_INDEX = 1
+    HASH_INDEX = 2
+
+    def self.secure_hash password
+      salt = SecureRandom.base64(SALT_BYTE_SIZE)
+      sha256 = OpenSSL::Digest::SHA256.new
+      len = sha256.digest_length
+      pbkdf2 = OpenSSL::PKCS5.pbkdf2_hmac(
+        password,
+        salt,
+        PBKDF2_ITERATIONS,
+        len,
+        sha256
+      )
+
+      return [PBKDF2_ITERATIONS, salt, Base64.encode64( pbkdf2 )].join( SECTION_DELIMITER )
+    end
+
+    # Checks if a password is correct given a hash of the correct one.
+    # correctHash must be a hash string generated with createHash.
+    def self.validate_pw(password, correctHash)
+      params = correctHash.split(SECTION_DELIMITER)
+      return false if params.length != HASH_SECTIONS
+
+      salt = params[SALT_INDEX]
+      hash = [HASH_INDEX]
+
+      sha256 = OpenSSL::Digest::SHA256.new
+      len = sha256.digest_length
+
+      confirmed = Base64.decode64(params[HASH_INDEX])
+      test_hash = OpenSSL::PKCS5.pbkdf2_hmac(
+        password,
+        salt,
+        PBKDF2_ITERATIONS,
+        len,
+        sha256
+      )
+
+      return confirmed == test_hash
+    end
+
+    # Run tests to ensure the module is functioning properly.
+    # Returns true if all tests succeed, false if not.
+    def self.runSelfTests
+      puts "Sample hashes:"
+      3.times { puts secure_hash("password") }
+
+      puts "\nRunning self tests..."
+      @@allPass = true
+
+      correctPassword = 'aaaaaaaaaa'
+      wrongPassword = 'aaaaaaaaab'
+      hash = secure_hash(correctPassword)
+
+      assert( validate_pw( correctPassword, hash ) == true, "correct password" )
+      assert( validate_pw( wrongPassword, hash ) == false, "wrong password" )
+
+      h1 = hash.split( SECTION_DELIMITER )
+      h2 = secure_hash( correctPassword ).split( SECTION_DELIMITER )
+      assert( h1[HASH_INDEX] != h2[HASH_INDEX], "different hashes" )
+      assert( h1[SALT_INDEX] != h2[SALT_INDEX], "different salt" )
+
+      if @@allPass
+        puts "*** ALL TESTS PASS ***"
+      else
+        puts "*** FAILURES ***"
+      end
+
+      return @@allPass
+    end
+
+    def self.assert( truth, msg )
+      if truth
+        puts "PASS [#{msg}]"
+      else
+        puts "FAIL [#{msg}]"
+        @@allPass = false
+      end
+    end
+  end
+end

data/lib/reedb/security/twofish.rb

@@ -0,0 +1,14 @@
+# ====================================================
+# Copyright 2015 Random Robot Softworks (see @author)
+# @author: Katharina Sabel | www.2rsoftworks.de
+#
+# Distributed under the GNU Lesser GPL Version 2.1
+# (See accompanying LICENSE file or get a copy at
+# 	https://www.gnu.org/licenses/lgpl.html)
+# ====================================================
+
+module Reedb
+	class Fish
+
+	end
+end

data/lib/reedb/utils/logger.rb

@@ -0,0 +1,97 @@
+# ====================================================
+# Copyright 2015 Lonely Robot (see @author)
+# @author: Katharina Sabel | www.2rsoftworks.de
+#
+# Distributed under the GNU Lesser GPL Version 3
+# (See accompanying LICENSE file or get a copy at
+# 	https://www.gnu.org/licenses/lgpl.html)
+# ====================================================
+
+require 'logger'
+
+module Reedb
+
+	# A logger that gets bound to a vault and logs vault activity in the
+	# vaults logs/ directory.
+	# It's using the Ruby internal logging library to split up logs into date blocks.
+	# (Each day is one log file).
+	# 
+	class VaultLogger
+
+		@@logger = nil
+
+		# Sets up a logger on a vault and loads existing logs if they exist.
+		# Logs are limited not in size but only by dates. Vault logs don't contain whitespaces.
+		#
+		def self.setup(path)
+			log_path = "#{path}/logs/#{Reedb::Utilities.get_time(true)}.log"
+			@@logger = Logger.new("#{log_path}")
+		end
+
+
+		# Writes something to the current vault log (under #{@path}/logs/)
+		# Possible parameters are:
+		# 'debug':: Throwing every operation at the log.
+		# 'info':: Default logging level for most situations and events.
+		# 'warn':: Logs a warning. Should be event that won't impact stability.
+		# 'error':: Logs an error. Should be recoverable event.
+		# 'fatal':: Logs a fatal crash. Should make the Reepass daemon crash!
+		def self.write(message, level = "")
+			if level == "warn"
+				@@logger.warn(message)
+
+			elsif level == "debug"
+				@@logger.debug(message)
+
+			elsif level == "error"
+				@@logger.error(message)
+
+			elsif level == "fatal"
+				@@logger.fatal(message)
+				
+			else
+				@@logger.info(message)
+			end
+		end
+	end
+
+	class DaemonLogger
+
+		@@logger = nil
+
+		# Sets up a logger on a vault and loads existing logs if they exist.
+		# Logs are limited not in size but only by dates. Vault logs don't contain whitespaces.
+		#
+		def self.setup(path)
+			log_path = "#{path}/#{Reedb::Utilities.get_time(true)}.log"
+			@@logger = Logger.new("#{log_path}")
+		end
+
+
+		# Writes something to the current vault log (under #{@path}/logs/)
+		# Possible parameters are:
+		# 'debug':: Throwing every operation at the log.
+		# 'info':: Default logging level for most situations and events.
+		# 'warn':: Logs a warning. Should be event that won't impact stability.
+		# 'error':: Logs an error. Should be recoverable event.
+		# 'fatal':: Logs a fatal crash. Should make the Reepass daemon crash!
+		def self.write(message, level = "")
+			if level == "warn"
+				@@logger.warn(message)
+
+			elsif level == "debug"
+				@@logger.debug(message)
+
+			elsif level == "error"
+				@@logger.error(message)
+
+			elsif level == "fatal"
+				@@logger.fatal(message)
+				
+			else
+				@@logger.info(message)
+			end
+		end
+	end # End of class
+
+end

data/lib/reedb/utils/meta_vault.rb

@@ -0,0 +1,28 @@
+# ====================================================
+# Copyright 2015 Lonely Robot (see @author)
+# @author: Katharina Sabel | www.2rsoftworks.de
+#
+# Distributed under the GNU Lesser GPL Version 3
+# (See accompanying LICENSE file or get a copy at
+# 	https://www.gnu.org/licenses/lgpl.html)
+# ====================================================
+
+module Reedb
+
+	# Handler class to map vaults in the reedb api to a set
+	class MetaVault
+		attr_accessor :name, :path, :size, :uuid
+
+		def initialize(name, path, size, uuid)
+			@name = name
+			@path = path
+			@size = size
+			@uuid = uuid
+		end
+
+		# Used to compare vaults
+		def includes?(name) return (@name == name) end
+		def includes?(name, path) return (@name == name && @path == path) end
+		def to_s() return "'#{@name}'@'#{@path}', size: #{@size}" end
+	end
+end