|
|
|
|
@ -1,5 +1,5 @@
|
|
|
|
|
use chacha20poly1305::{aead::Aead, AeadCore, ChaCha20Poly1305, KeyInit};
|
|
|
|
|
use entity::account;
|
|
|
|
|
use chacha20poly1305::{AeadCore, AeadInPlace, ChaCha20Poly1305, KeyInit};
|
|
|
|
|
use entity::account::{self, ActiveModel};
|
|
|
|
|
use pbkdf2::pbkdf2_hmac_array;
|
|
|
|
|
use rand::{rngs::OsRng, RngCore};
|
|
|
|
|
use sea_orm::ActiveValue::Set;
|
|
|
|
|
@ -23,68 +23,89 @@ impl Cipher {
|
|
|
|
|
|
|
|
|
|
/// Encrypts the value with the current cipher. The 12 byte nonce is appended to the result
|
|
|
|
|
#[inline]
|
|
|
|
|
pub fn encrypt(&self, value: &[u8]) -> crate::Result<Vec<u8>> {
|
|
|
|
|
#[allow(clippy::missing_panics_doc)]
|
|
|
|
|
pub fn encrypt(&self, value: &mut Vec<u8>) {
|
|
|
|
|
let nonce = ChaCha20Poly1305::generate_nonce(&mut OsRng);
|
|
|
|
|
let mut result = self.chacha.encrypt(&nonce, value)?;
|
|
|
|
|
result.extend(nonce);
|
|
|
|
|
Ok(result)
|
|
|
|
|
self.chacha.encrypt_in_place(&nonce, b"", value).unwrap();
|
|
|
|
|
value.extend_from_slice(&nonce);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Decrypts the value with the current cipher. The 12 byte nonce is expected to be at the end of the value
|
|
|
|
|
///
|
|
|
|
|
/// # Errors
|
|
|
|
|
///
|
|
|
|
|
/// Returns an error if the tag doesn't match the ciphertext
|
|
|
|
|
#[inline]
|
|
|
|
|
pub fn decrypt(&self, value: &[u8]) -> crate::Result<Vec<u8>> {
|
|
|
|
|
let (data, nonce) = value.split_at(value.len() - 12);
|
|
|
|
|
pub fn decrypt(&self, value: &mut Vec<u8>) -> crate::Result<()> {
|
|
|
|
|
let nonce: [u8; 12] = value[value.len() - 12..]
|
|
|
|
|
.try_into()
|
|
|
|
|
.map_err(|_| crate::Error::InvalidInputLength)?;
|
|
|
|
|
value.truncate(value.len() - 12);
|
|
|
|
|
|
|
|
|
|
self.chacha.decrypt(nonce.into(), data).map_err(Into::into)
|
|
|
|
|
self.chacha
|
|
|
|
|
.decrypt_in_place(nonce.as_slice().into(), b"", value)
|
|
|
|
|
.map_err(Into::into)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub trait FromUnencryptedExt {
|
|
|
|
|
fn from_unencrypted(
|
|
|
|
|
user_id: u64,
|
|
|
|
|
name: String,
|
|
|
|
|
login: &str,
|
|
|
|
|
password: &str,
|
|
|
|
|
master_pass: &str,
|
|
|
|
|
) -> crate::Result<account::ActiveModel>;
|
|
|
|
|
#[derive(serde::Serialize, serde::Deserialize)]
|
|
|
|
|
pub struct Decrypted {
|
|
|
|
|
pub name: String,
|
|
|
|
|
pub login: String,
|
|
|
|
|
pub password: String,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl FromUnencryptedExt for account::ActiveModel {
|
|
|
|
|
/// Encryptes the provided data by the master password and creates the `ActiveModel` with all fields set to Set variant
|
|
|
|
|
impl Decrypted {
|
|
|
|
|
/// Constructs `DecryptedAccount` by decrypting the provided account
|
|
|
|
|
///
|
|
|
|
|
/// # Errors
|
|
|
|
|
///
|
|
|
|
|
/// Returns an error if the tag doesn't match the ciphertext or if the decrypted data isn't valid UTF-8
|
|
|
|
|
#[inline]
|
|
|
|
|
fn from_unencrypted(
|
|
|
|
|
user_id: u64,
|
|
|
|
|
name: String,
|
|
|
|
|
login: &str,
|
|
|
|
|
password: &str,
|
|
|
|
|
master_pass: &str,
|
|
|
|
|
) -> crate::Result<Self> {
|
|
|
|
|
let mut salt = vec![0; 64];
|
|
|
|
|
OsRng.fill_bytes(&mut salt);
|
|
|
|
|
let cipher = Cipher::new(master_pass.as_bytes(), &salt);
|
|
|
|
|
let enc_login = Set(cipher.encrypt(login.as_bytes())?);
|
|
|
|
|
let enc_password = Set(cipher.encrypt(password.as_bytes())?);
|
|
|
|
|
pub fn from_account(mut account: account::Model, master_pass: &str) -> crate::Result<Self> {
|
|
|
|
|
let cipher = Cipher::new(master_pass.as_bytes(), &account.salt);
|
|
|
|
|
cipher.decrypt(&mut account.enc_login)?;
|
|
|
|
|
cipher.decrypt(&mut account.enc_password)?;
|
|
|
|
|
|
|
|
|
|
Ok(Self {
|
|
|
|
|
name: Set(name),
|
|
|
|
|
user_id: Set(user_id),
|
|
|
|
|
salt: Set(salt),
|
|
|
|
|
enc_login,
|
|
|
|
|
enc_password,
|
|
|
|
|
name: account.name,
|
|
|
|
|
login: String::from_utf8(account.enc_login)?,
|
|
|
|
|
password: String::from_utf8(account.enc_password)?,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub trait DecryptAccountExt {
|
|
|
|
|
fn decrypt(&self, master_pass: &str) -> crate::Result<(String, String)>;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl DecryptAccountExt for account::Model {
|
|
|
|
|
/// Returns the decrypted login and password of the account
|
|
|
|
|
/// Constructs `ActiveModel` with eath field Set by encrypting `self`
|
|
|
|
|
#[inline]
|
|
|
|
|
fn decrypt(&self, master_pass: &str) -> crate::Result<(String, String)> {
|
|
|
|
|
let cipher = Cipher::new(master_pass.as_bytes(), &self.salt);
|
|
|
|
|
let login = String::from_utf8(cipher.decrypt(&self.enc_login)?)?;
|
|
|
|
|
let password = String::from_utf8(cipher.decrypt(&self.enc_password)?)?;
|
|
|
|
|
Ok((login, password))
|
|
|
|
|
#[must_use]
|
|
|
|
|
pub fn into_account(self, user_id: u64, master_pass: &str) -> account::ActiveModel {
|
|
|
|
|
let mut login = self.login.into_bytes();
|
|
|
|
|
let mut password = self.password.into_bytes();
|
|
|
|
|
let mut salt = vec![0; 64];
|
|
|
|
|
OsRng.fill_bytes(&mut salt);
|
|
|
|
|
|
|
|
|
|
let cipher = Cipher::new(master_pass.as_bytes(), &salt);
|
|
|
|
|
cipher.encrypt(&mut login);
|
|
|
|
|
cipher.encrypt(&mut password);
|
|
|
|
|
|
|
|
|
|
ActiveModel {
|
|
|
|
|
user_id: Set(user_id),
|
|
|
|
|
name: Set(self.name),
|
|
|
|
|
salt: Set(salt),
|
|
|
|
|
enc_login: Set(login),
|
|
|
|
|
enc_password: Set(password),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Returns true if the account's fields are valid
|
|
|
|
|
#[inline]
|
|
|
|
|
#[must_use]
|
|
|
|
|
pub fn validate(&self) -> bool {
|
|
|
|
|
[
|
|
|
|
|
self.name.as_str(),
|
|
|
|
|
self.login.as_str(),
|
|
|
|
|
self.password.as_str(),
|
|
|
|
|
]
|
|
|
|
|
.into_iter()
|
|
|
|
|
.all(super::validate_field)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
