From 4eb9e1df2af3d07b711c8cb4afefbaaa324f4afd Mon Sep 17 00:00:00 2001
From: mo
Date: Sun, 11 Feb 2018 12:16:08 -0700
Subject: skip nonce.
---
 lib/tfa.rb | 1 +
 lib/tfa/cli.rb | 11 ++++-------
 lib/tfa/storage.rb | 24 ++++++++++++++----------
 spec/lib/cli_spec.rb | 3 ++-
 4 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/lib/tfa.rb b/lib/tfa.rb
index a9d450d..2f16852 100644
--- a/lib/tfa.rb
+++ b/lib/tfa.rb
@@ -1,3 +1,4 @@
+require "base64"
 require "digest"
 require "openssl"
 require "pstore"
diff --git a/lib/tfa/cli.rb b/lib/tfa/cli.rb
index b1fe340..f88eb67 100644
--- a/lib/tfa/cli.rb
+++ b/lib/tfa/cli.rb
@@ -5,6 +5,7 @@ module TFA
 package_name "TFA"
 class_option :filename
 class_option :directory
+ class_option :passphrase
 desc "add NAME SECRET", "add a new secret to the database"
 def add(name, secret)
@@ -37,9 +38,7 @@ module TFA
 desc "now SECRET", "generate a Time based One Time Password for the given secret"
 def now(secret)
- open_database do
- TotpCommand.new(storage).run('', secret)
- end
+ TotpCommand.new(storage).run('', secret)
 end
 desc "upgrade", "upgrade the pstore database to a yml database."
@@ -117,7 +116,7 @@ module TFA
 end
 def passphrase
- @passphrase ||= ask("Enter passphrase:", echo: false)
+ @passphrase ||= options[:passphrase] || ask("Enter passphrase:", echo: false)
 end
 def ensure_upgraded!
@@ -134,9 +133,7 @@ module TFA
 end
 def open_database
- if upgraded?
- yaml_storage.decrypt!(passphrase)
- end
+ yaml_storage.decrypt!(passphrase) if upgraded?
 result = yield
 yaml_storage.encrypt!(passphrase)
 result
diff --git a/lib/tfa/storage.rb b/lib/tfa/storage.rb
index 3feee5f..c2caf27 100644
--- a/lib/tfa/storage.rb
+++ b/lib/tfa/storage.rb
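Review bot: The new `class_option :passphrase` in lib/tfa/cli.rb (first hunk), consumed by `options[:passphrase] || ask(...)` in the `passphrase` method (third hunk), puts the database passphrase on the command line, where it shows up in process listings and is saved to shell history. If the option exists mainly so the specs can run without a prompt, I would say so in the option's help text, e.g. `class_option :passphrase, desc: "database passphrase (visible in process listings; prefer the prompt)"`. The class body around both hunks lies outside the diff, so I cannot tell whether another non-interactive input path already exists.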
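Review bot: In `open_database` (last hunk of lib/tfa/cli.rb) the call to `yaml_storage.encrypt!(passphrase)` is skipped whenever the yielded block raises, so a failing command leaves the database decrypted on disk. This predates the change, but the hunk reworks the method: replacing the `result = yield` sequence with `begin; yield; ensure; yaml_storage.encrypt!(passphrase); end` re-encrypts on every exit path and still returns the block's value. The method's closing `end` is outside the hunk.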
@@ -44,22 +44,26 @@ module TFA
 end
 def encrypt!(passphrase)
+ cipher = OpenSSL::Cipher.new("AES-256-CBC")
 cipher.encrypt
- cipher.key = Digest::SHA256.digest(passphrase)
- cipher.iv = cipher.random_iv
+ cipher.key = digest_for(passphrase)
+ #iv = cipher.random_iv
+ #cipher.iv = iv
 plain_text = read_all
+ #cipher_text = iv + cipher.update(plain_text) + cipher.final
 cipher_text = cipher.update(plain_text) + cipher.final
 flush(cipher_text)
 end
 def decrypt!(passphrase)
 cipher_text = read_all
- decipher = cipher
+ decipher = OpenSSL::Cipher.new("AES-256-CBC")
 decipher.decrypt
- decipher.iv = cipher_text[0..decipher.iv_len-1]
- cipher.key = Digest::SHA256.digest(passphrase)
- data = cipher_text[decipher.iv_len..-1]
+ #decipher.iv = cipher_text[0..decipher.iv_len-1]
+ decipher.key = digest_for(passphrase)
+ #data = cipher_text[decipher.iv_len..-1]
+ data = cipher_text
 flush(decipher.update(data) + decipher.final)
 end
@@ -71,10 +75,6 @@ module TFA
 end
 end
- def cipher
- @cipher ||= OpenSSL::Cipher.new("AES-256-CBC")
- end
-
 def read_all
 IO.read(path)
 end
@@ -82,5 +82,9 @@ module TFA
 def flush(data)
 IO.write(path, data)
 end
+
+ def digest_for(passphrase)
+ Digest::SHA256.digest(passphrase)
+ end
 end
 end
diff --git a/spec/lib/cli_spec.rb b/spec/lib/cli_spec.rb
index 5f87689..e6df06e 100644
--- a/spec/lib/cli_spec.rb
+++ b/spec/lib/cli_spec.rb
@@ -1,6 +1,7 @@
 module TFA
 describe CLI do
- subject { CLI.new([], filename: SecureRandom.uuid, directory: Dir.tmpdir) }
+ subject { CLI.new([], filename: SecureRandom.uuid, directory: Dir.tmpdir, passphrase: passphrase) }
+ let(:passphrase) { SecureRandom.uuid }
 def code_for(secret)
 ::ROTP::TOTP.new(secret).now
--
cgit v1.2.3
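Review bot: With the IV lines commented out in `encrypt!` and `decrypt!` (first hunk of lib/tfa/storage.rb), every write of the database uses the same AES-256-CBC key with no per-message IV; as far as I know the Ruby binding then falls back to an all-zero IV. Identical leading plaintext therefore produces identical ciphertext blocks, so anyone comparing successive copies of the file can see where the content first changed. The earlier code appears to have failed only because the IV was never written to the file, and possibly because `cipher_text[0..n]` indexes characters rather than bytes on the string `IO.read` returns. I would keep the random IV, prepend it to the ciphertext and split it off with `byteslice` on decrypt, as below; files already written without an IV prefix would need a one-time migration.

```ruby
def encrypt!(passphrase)
  # … unchanged: cipher construction, cipher.encrypt, cipher.key …
  iv = cipher.random_iv # random_iv also installs the IV on the cipher
  plain_text = read_all
  cipher_text = iv + cipher.update(plain_text) + cipher.final
  # … unchanged: flush(cipher_text) …

def decrypt!(passphrase)
  # … unchanged: read_all, decipher construction, decipher.decrypt …
  iv_len = decipher.iv_len
  decipher.iv = cipher_text.byteslice(0, iv_len)
  # … unchanged: decipher.key …
  data = cipher_text.byteslice(iv_len..-1)
  # … unchanged: flush(decipher.update(data) + decipher.final) …
```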
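Review bot: `digest_for` (third hunk of lib/tfa/storage.rb) derives the AES key from a single unsalted SHA-256 of the passphrase, which makes offline guessing against a copied database file cheap and gives equal passphrases equal keys. A password KDF with a stored random salt fits better here, e.g. `OpenSSL::PKCS5.pbkdf2_hmac(passphrase, salt, iterations, 32, OpenSSL::Digest.new("SHA256"))`, with the salt kept next to the ciphertext; the helper would then need the salt as a second argument. Until then, a comment on the method such as `# NOTE: plain SHA-256, no salt or key stretching` would make the limitation visible to the next maintainer.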