ruby-keepassx 0.2.0beta11

data/lib/keepassx/group_field.rb

@@ -0,0 +1,22 @@
+module Keepassx
+  class GroupField
+    include Field
+
+    FIELD_TYPES = [
+        [0x0, 'ignored', :null],
+        [0x1, 'groupid', :int],
+        [0x2, 'group_name', :string],
+        [0x3, 'creation_time', :date],
+        [0x4, 'lastmod_time', :date],
+        [0x5, 'lastacc_time', :date],
+        [0x6, 'expire_time', :date],
+        [0x7, 'imageid', :int],
+        [0x8, 'level', :short],
+        [0x9, 'flags', :int],
+        [0xFFFF, 'terminator', :null]
+    ]
+
+    attr_reader :name, :data_type, :type_code
+
+  end
+end

data/lib/keepassx/header.rb

@@ -0,0 +1,178 @@
+# The keepass file header.
+#
+# From the KeePass doc:
+#
+# Database header: [DBHDR]
+#
+# [ 4 bytes] DWORD    dwSignature1  = 0x9AA2D903
+# [ 4 bytes] DWORD    dwSignature2  = 0xB54BFB65
+# [ 4 bytes] DWORD    dwFlags
+# [ 4 bytes] DWORD    dwVersion       { Ve.Ve.Mj.Mj:Mn.Mn.Bl.Bl }
+# [16 bytes] BYTE{16} aMasterSeed
+# [16 bytes] BYTE{16} aEncryptionIV
+# [ 4 bytes] DWORD    dwGroups        Number of groups in database
+# [ 4 bytes] DWORD    dwEntries       Number of entries in database
+# [32 bytes] BYTE{32} aContentsHash   SHA-256 hash value of the plain contents
+# [32 bytes] BYTE{32} aMasterSeed2    Used for the dwKeyEncRounds AES
+#                                     master key transformations
+# [ 4 bytes] DWORD    dwKeyEncRounds  See above; number of transformations
+#
+# Notes:
+#
+# - dwFlags is a bitmap, which can include:
+#   * PWM_FLAG_SHA2     (1) for SHA-2.
+#   * PWM_FLAG_RIJNDAEL (2) for AES (Rijndael).
+#   * PWM_FLAG_ARCFOUR  (4) for ARC4.
+#   * PWM_FLAG_TWOFISH  (8) for Twofish.
+# - aMasterSeed is a salt that gets hashed with the transformed user master key
+#   to form the final database data encryption/decryption key.
+#   * FinalKey = SHA-256(aMasterSeed, TransformedUserMasterKey)
+# - aEncryptionIV is the initialization vector used by AES/Twofish for
+#   encrypting/decrypting the database data.
+# - aContentsHash: "plain contents" refers to the database file, minus the
+#   database header, decrypted by FinalKey.
+#   * PlainContents = Decrypt_with_FinalKey(DatabaseFile - DatabaseHeader)
+module Keepassx
+  class Header
+
+    ENCRYPTION_FLAGS = [
+        [1, 'SHA2'],
+        [2, 'Rijndael'],
+        [2, 'AES'],
+        [4, 'ArcFour'],
+        [8, 'TwoFish']
+    ]
+
+    FIELDS = [
+        :signature1,
+        :signature2,
+        :flags,
+        :version,
+        :master_seed,
+        :encryption_iv,
+        :group_number,
+        :entry_number,
+        :contents_hash,
+        :master_seed2,
+        :rounds
+    ]
+
+    SIGNATURES = [0x9AA2D903, 0xB54BFB65]
+
+    attr_accessor :group_number, :entry_number, :encryption_iv, :contents_hash
+    attr_reader :signature1, :signature2, :flags, :version, :master_seed,
+        :master_seed2, :rounds
+
+
+    def initialize(header_bytes = nil)
+      if header_bytes.nil?
+        self.signature1, self.signature2 = SIGNATURES
+        self.flags = 3 # SHA2 hashing, AES encryption
+        self.version = 0x30002
+
+        self.master_seed = SecureRandom.random_bytes(16)
+        self.encryption_iv = SecureRandom.random_bytes(16)
+        self.master_seed2 = SecureRandom.random_bytes(32)
+
+        self.group_number = 0
+        self.entry_number = 0
+        self.rounds = 50000
+      else
+        header_bytes = StringIO.new header_bytes
+        self.signature1 = header_bytes.read(4).unpack('L*').first
+        self.signature2 = header_bytes.read(4).unpack('L*').first
+        self.flags = header_bytes.read(4).unpack('L*').first
+        self.version = header_bytes.read(4).unpack('L*').first
+        self.master_seed = header_bytes.read(16)
+        self.encryption_iv = header_bytes.read(16)
+        self.group_number = header_bytes.read(4).unpack('L*').first
+        self.entry_number = header_bytes.read(4).unpack('L*').first
+        self.contents_hash = header_bytes.read(32)
+        self.master_seed2 = header_bytes.read(32)
+        self.rounds = header_bytes.read(4).unpack('L*').first
+      end
+    end
+
+
+    def length
+      length = 0
+      FIELDS.each do |field|
+        length += field.length
+      end
+      length
+    end
+
+
+    # Return encoded header
+    #
+    # @return [String] Encoded header representation.
+    def encode
+      [signature1].pack('L*') <<
+          [signature2].pack('L*') <<
+          [flags].pack('L*') <<
+          [version].pack('L*') <<
+          master_seed <<
+          encryption_iv <<
+          [group_number].pack('L*') <<
+          [entry_number].pack('L*') <<
+          contents_hash <<
+          master_seed2 <<
+          [rounds].pack('L*')
+
+    end
+
+
+    def valid?
+      signature1 == SIGNATURES[0] && signature2 == SIGNATURES[1]
+    end
+
+
+    def encryption_type
+      ENCRYPTION_FLAGS.each do |(flag_mask, encryption_type)|
+        return encryption_type if flags & flag_mask
+      end
+      'Unknown'
+    end
+
+
+    def final_key(master_key, keyfile_data=nil)
+      key = Digest::SHA2.new.update(master_key).digest
+
+      if keyfile_data
+        if keyfile_data.size == 64 # Hex encoded key
+          keyfile_hash = [keyfile_data].pack("H*")
+        elsif keyfile_data.size == 32 # Raw key
+          keyfile_hash = keyfile_data
+        else
+          keyfile_hash = Digest::SHA2.new.update(keyfile_data).digest
+        end
+
+        if master_key == ""
+          key = keyfile_hash
+        else
+          key = Digest::SHA2.new.update(key + keyfile_hash).digest
+        end
+      end
+
+      aes = OpenSSL::Cipher::Cipher.new('AES-256-ECB')
+      aes.encrypt
+      aes.key = master_seed2
+      aes.padding = 0
+
+      rounds.times do
+        key = aes.update(key) + aes.final
+      end
+
+      key = Digest::SHA2.new.update(key).digest
+      key = Digest::SHA2.new.update(master_seed + key).digest
+
+    end
+
+
+    private
+
+    attr_writer :signature1, :signature2, :flags, :version, :master_seed,
+        :master_seed2, :rounds
+
+  end
+end

data/lib/keepassx/item.rb

@@ -0,0 +1,128 @@
+module Keepassx
+
+  module Item
+
+
+    def initialize _
+      @fields = []
+    end
+
+    def length
+      @fields.map(&:length).reduce(&:+)
+    end
+
+
+    def encode
+      buffer = ''
+      # FIXME: Check if terminator field not in @fields
+      @fields.each do |field|
+        buffer << field.encode
+      end
+      buffer
+    end
+
+
+    # TODO: Remove debug method
+    def dump
+      @fields
+    end
+
+
+    def to_hash
+      result = {}
+      self.class.fields.each do |field|
+
+        filed = field.to_sym
+        if self.respond_to? field
+          data = self.send field
+          # Skip empty value
+          if data.respond_to? :empty?
+            result[field] = data unless data.empty?
+          else
+            unless data.nil?
+              # FIXME: Implement field export method
+              if data.is_a? Time
+                result[field] = data.to_i
+              else
+                result[field] = data
+              end
+            end
+          end
+        end
+
+      end
+      # warn "result: #{result}"
+      result
+    end
+
+
+    def terminator= _
+      self.class::FIELD_CLASS.new :name => :terminator
+    end
+
+
+    def inspect
+      output = "<#{self.class} "
+      default_fields.each_key do |field_name|
+        if field_name.eql? :password
+          output << ', password=[FILTERED]'
+        else
+          output << ", #{field_name}=#{self.send(field_name)}" unless
+              field_name.eql? :terminator
+        end
+      end
+      output << '>'
+    end
+
+
+    def to_xml
+      section_name = (self.is_a? Keepassx::Group) && 'group' || 'entry'
+      main_section = REXML::Element.new section_name
+      default_fields.each_key do |field_name|
+        unless field_name.eql? :terminator
+          filed_section = main_section.add_element field_name.to_s
+          filed_section.text = self.send field_name
+        end
+      end
+
+      main_section
+    end
+
+
+    private
+
+    def decode(buffer)
+      @fields = []
+      loop do
+        field = self.class::FIELD_CLASS.new(buffer)
+        @fields << field
+        break if field.terminator?
+      end
+      @fields
+    end
+
+
+    def set(name, value)
+      field = @fields.detect { |field| field.name.eql? name.to_s }
+      if field.nil?
+        field = self.class::FIELD_CLASS.new :name => name, :data => value
+      else
+        field.data = value
+      end
+      field
+    end
+
+
+    def get(name)
+      field = @fields.detect { |field| field.name.eql? name.to_s }
+      # if field.nil?
+      #   # FIXME: Put proper field name into 'Field doesn't exists' exception
+      #   # fail "Field '#{name}' doesn't exists or not yet created"
+      # else
+      #   field.data
+      # end
+      field.data unless field.nil? # Return nil, if field doesn't exist
+    end
+
+  end
+end

data/lib/keepassx/utilities.rb

@@ -0,0 +1,226 @@
+module Keepassx
+  module Utilities
+
+
+    private
+
+    # Organize descendants in proper structure for given group.
+    # @param [Keepassx::Group] group Root group, branch is build for.
+    def build_branch group
+      group_hash = group.to_hash
+      group_entries = entries :group => group
+      descendant_groups = groups :parent => group
+
+      unless group_entries.nil?
+        group_hash[:entries] = []
+        entries.each { |e| group_hash[:entries] << e.to_hash }
+      end
+
+      unless descendant_groups.nil?
+        group_hash[:groups] = []
+        # Recursively build branch for descendant groups
+        descendant_groups.each { |g| group_hash[:groups] << build_branch(g) }
+      end
+
+      group_hash
+    end
+
+
+    def deep_copy opts
+      Marshal.load Marshal.dump opts # Make deep copy
+    end
+
+
+    def decrypt
+      @payload = AESCrypt.decrypt @encrypted_payload, final_key,
+          header.encryption_iv, 'AES-256-CBC'
+      current_checksum = checksum
+      unless current_checksum.eql? header.contents_hash
+        raise Keepassx::HashError.new "Hash test failed, expected " \
+            "#{header.contents_hash.inspect}, got #{current_checksum.inspect}"
+      end
+
+      @payload
+    end
+
+
+    def encrypt
+      @encrypted_payload = AESCrypt.encrypt @payload, final_key,
+          header.encryption_iv, 'AES-256-CBC'
+    end
+
+
+    def read opts
+      read_method = File.respond_to?(:binread) && :binread || :read
+      File.send read_method, opts
+
+        # FIXME: Implement exceptions
+    rescue IOError => e
+      warn ">>>> IOError in database.rb"
+      fail
+    rescue SystemCallError => e
+      warn ">>>> SystemCallError in database.rb"
+      fail
+    end
+
+
+    def final_key
+      fail "No master password specified" if password.nil?
+
+      key_file_data = nil
+      if File.exists? key_file
+        read_method   = File.respond_to?(:binread) ? :binread : :read
+        key_file_data = File.send read_method
+      end unless key_file.nil?
+
+      header.final_key(password, key_file_data)
+    end
+
+
+    def initialize_database raw_db
+      if raw_db.empty?
+        @header = Header.new
+        @locked = false
+      else
+        @header = Header.new raw_db[0..124]
+        @encrypted_payload = raw_db[124..-1]
+      end
+
+      @locked
+    end
+
+
+    # Set parents for groups
+    #
+    #  @param [Array] list Array of groups.
+    #  @return [Array] Updated array of groups.
+    def initialize_groups list
+
+      list.each_with_index do |group, index|
+
+        if index.eql? 0
+          previous_group = nil
+        else
+          previous_group = list[index - 1]
+        end
+
+        # If group is first entry or has level equal 0,
+        # it gets parent set to nil
+        if previous_group.nil? or group.level.eql? 0
+          group.parent = nil
+
+        # If group has level greater than parent's level by one,
+        # it gets parent set to the first previous group with level less
+        # than group's level by one
+        elsif group.level == previous_group.level + 1 or
+            group.level == previous_group.level
+
+          group.parent = previous_group
+
+          # If group has level less than or equal the level of the previous
+          # group and its level is no less than zero, then need to backward
+          # search for the first group which level is less than group's
+          # level by 1 and set it as a parent of the group
+        elsif 0 < group.level and group.level <= previous_group.level
+          group.parent = (index - 2).downto 0 do |i|
+            parent_candidate = list[i]
+            break parent_candidate if parent_candidate.level - 1 == group.level
+          end
+
+          # Invalid level
+        else
+          fail "Unexpected level '#{group.level}' for group '#{group.title}'"
+        end
+
+      end
+
+      @groups = list
+    end
+
+
+    def initialize_payload
+      result = ''
+      @groups.each { |group| result << group.encode }
+      @entries.each { |entry| result << entry.encode }
+      result
+    end
+
+
+    def payload
+      @payload ||= initialize_payload
+    end
+
+
+    # Retrieves last sibling index
+    #
+    #  @param [Keepassx::Group] parent Last sibling group.
+    #  @return [Integer] index Group index.
+    def last_sibling_index parent
+
+      if groups.empty?
+        return -1
+
+      elsif parent.nil?
+        parent_index  = 0
+        sibling_level = 1
+
+      else
+        parent_index  = groups.find_index parent
+        sibling_level = parent.level + 1
+
+      end
+
+      fail "Could not find group #{parent.title}" if parent_index.nil?
+
+      (parent_index..(header.group_number - 1)).each do |i|
+        break i unless groups[i].level.eql? sibling_level
+      end
+
+    end
+
+
+    # FIXME: Rename the method
+    # See spec/fixtures/test_data_array.yaml for data example
+    def parse_data_array opts
+      groups, entries = opts[:groups], opts[:entries]
+
+      # Remove groups and entries from options, so new group could be
+      # initialized from incoming Hash
+      fields          = Keepassx::Group.fields
+      group_opts      = opts.reject { |k, _| !fields.include? k }
+      group           = add_group group_opts
+
+      entries.each do |e|
+        entry = e.clone
+        add_entry entry.merge(:group => group)
+      end unless entries.nil?
+
+      # Recursively proceed each child group
+      groups.each { |g| parse_data_array g } unless groups.nil?
+    end
+
+
+    def delete_entry item
+      item = entries.delete item
+      header.entry_number -= 1
+      item
+    end
+
+
+    # Recursively delete group
+    def delete_group item
+      group_entries = entries.select { |e| e.group.equal? item }
+      # Delete entries, which belongs to group
+      group_entries.each { |e| delete_entry e }
+
+      group_ancestors = groups.select { |g| g.parent.equal? item }
+      # Recursively delete ancestor groups
+      group_ancestors.each { |g| delete_group g }
+
+      item = groups.delete item
+      header.group_number -= 1
+      item
+    end
+
+  end
+end