diff options
| author | mo <mo.khan@gmail.com> | 2018-02-11 12:16:08 -0700 |
|---|---|---|
| committer | mo <mo.khan@gmail.com> | 2018-02-11 12:16:08 -0700 |
| commit | 4eb9e1df2af3d07b711c8cb4afefbaaa324f4afd (patch) | |
| tree | 3f81c2fde05358149ffff50ad71f0d531c25d104 | |
| parent | 9defc4d5ce0d3ef33fb0b01635433242d0a47c82 (diff) | |
skip nonce.
| -rw-r--r-- | lib/tfa.rb | 1 | ||||
| -rw-r--r-- | lib/tfa/cli.rb | 11 | ||||
| -rw-r--r-- | lib/tfa/storage.rb | 24 | ||||
| -rw-r--r-- | spec/lib/cli_spec.rb | 3 |
4 files changed, 21 insertions, 18 deletions
@@ -1,3 +1,4 @@ +require "base64" require "digest" require "openssl" require "pstore" diff --git a/lib/tfa/cli.rb b/lib/tfa/cli.rb index b1fe340..f88eb67 100644 --- a/lib/tfa/cli.rb +++ b/lib/tfa/cli.rb @@ -5,6 +5,7 @@ module TFA package_name "TFA" class_option :filename class_option :directory + class_option :passphrase desc "add NAME SECRET", "add a new secret to the database" def add(name, secret) @@ -37,9 +38,7 @@ module TFA desc "now SECRET", "generate a Time based One Time Password for the given secret" def now(secret) - open_database do - TotpCommand.new(storage).run('', secret) - end + TotpCommand.new(storage).run('', secret) end desc "upgrade", "upgrade the pstore database to a yml database." @@ -117,7 +116,7 @@ module TFA end def passphrase - @passphrase ||= ask("Enter passphrase:", echo: false) + @passphrase ||= options[:passphrase] || ask("Enter passphrase:", echo: false) end def ensure_upgraded! @@ -134,9 +133,7 @@ module TFA end def open_database - if upgraded? - yaml_storage.decrypt!(passphrase) - end + yaml_storage.decrypt!(passphrase) if upgraded? result = yield yaml_storage.encrypt!(passphrase) result diff --git a/lib/tfa/storage.rb b/lib/tfa/storage.rb index 3feee5f..c2caf27 100644 --- a/lib/tfa/storage.rb +++ b/lib/tfa/storage.rb @@ -44,22 +44,26 @@ module TFA end def encrypt!(passphrase) + cipher = OpenSSL::Cipher.new("AES-256-CBC") cipher.encrypt - cipher.key = Digest::SHA256.digest(passphrase) - cipher.iv = cipher.random_iv + cipher.key = digest_for(passphrase) + #iv = cipher.random_iv + #cipher.iv = iv plain_text = read_all + #cipher_text = iv + cipher.update(plain_text) + cipher.final cipher_text = cipher.update(plain_text) + cipher.final flush(cipher_text) end def decrypt!(passphrase) cipher_text = read_all - decipher = cipher + decipher = OpenSSL::Cipher.new("AES-256-CBC") decipher.decrypt - decipher.iv = cipher_text[0..decipher.iv_len-1] - cipher.key = Digest::SHA256.digest(passphrase) - data = cipher_text[decipher.iv_len..-1] + #decipher.iv = cipher_text[0..decipher.iv_len-1] + decipher.key = digest_for(passphrase) + #data = cipher_text[decipher.iv_len..-1] + data = cipher_text flush(decipher.update(data) + decipher.final) end @@ -71,10 +75,6 @@ module TFA end end - def cipher - @cipher ||= OpenSSL::Cipher.new("AES-256-CBC") - end - def read_all IO.read(path) end @@ -82,5 +82,9 @@ module TFA def flush(data) IO.write(path, data) end + + def digest_for(passphrase) + Digest::SHA256.digest(passphrase) + end end end diff --git a/spec/lib/cli_spec.rb b/spec/lib/cli_spec.rb index 5f87689..e6df06e 100644 --- a/spec/lib/cli_spec.rb +++ b/spec/lib/cli_spec.rb @@ -1,6 +1,7 @@ module TFA describe CLI do - subject { CLI.new([], filename: SecureRandom.uuid, directory: Dir.tmpdir) } + subject { CLI.new([], filename: SecureRandom.uuid, directory: Dir.tmpdir, passphrase: passphrase) } + let(:passphrase) { SecureRandom.uuid } def code_for(secret) ::ROTP::TOTP.new(secret).now |