Commit 4eb9e1d
Changed files (4)
lib/tfa/cli.rb
@@ -5,6 +5,7 @@ module TFA
package_name "TFA"
class_option :filename
class_option :directory
+ class_option :passphrase
desc "add NAME SECRET", "add a new secret to the database"
def add(name, secret)
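Review bot: The new `class_option :passphrase` lets the database passphrase be passed as a command-line argument, where it is readable by other local users through the process list and is usually saved in shell history. The `passphrase` method hunk further down then prefers that value over the interactive prompt (`options[:passphrase] || ask(...)`). If non-interactive use is needed, reading the value from standard input or an environment variable exposes it less, e.g. `@passphrase ||= ENV["TFA_PASSPHRASE"] || ask("Enter passphrase:", echo: false)` (the variable name is illustrative). If the option stays, give it a description that states the exposure. The body of `add` continues outside this hunk.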
@@ -37,9 +38,7 @@ module TFA
desc "now SECRET", "generate a Time based One Time Password for the given secret"
def now(secret)
- open_database do
- TotpCommand.new(storage).run('', secret)
- end
+ TotpCommand.new(storage).run('', secret)
end
desc "upgrade", "upgrade the pstore database to a yml database."
@@ -117,7 +116,7 @@ module TFA
end
def passphrase
- @passphrase ||= ask("Enter passphrase:", echo: false)
+ @passphrase ||= options[:passphrase] || ask("Enter passphrase:", echo: false)
end
def ensure_upgraded!
@@ -134,9 +133,7 @@ module TFA
end
def open_database
- if upgraded?
- yaml_storage.decrypt!(passphrase)
- end
+ yaml_storage.decrypt!(passphrase) if upgraded?
result = yield
yaml_storage.encrypt!(passphrase)
result
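Review bot: If the block given to `open_database` raises, `yaml_storage.encrypt!(passphrase)` is never reached, and because `decrypt!` writes the plaintext back to the same path, the database stays decrypted on disk. Wrapping only the `yield` in `begin … ensure yaml_storage.encrypt!(passphrase) end` re-encrypts on every exit path. Keep `decrypt!` outside the `ensure`, so that a failed decrypt (wrong passphrase, for instance) does not encrypt the still-encrypted file a second time. `encrypt!` also runs when `upgraded?` is false and no decrypt happened; that may be intended but deserves a comment. The method's closing `end` is outside this hunk.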
lib/tfa/storage.rb
@@ -44,22 +44,26 @@ module TFA
end
def encrypt!(passphrase)
+ cipher = OpenSSL::Cipher.new("AES-256-CBC")
cipher.encrypt
- cipher.key = Digest::SHA256.digest(passphrase)
- cipher.iv = cipher.random_iv
+ cipher.key = digest_for(passphrase)
+ #iv = cipher.random_iv
+ #cipher.iv = iv
plain_text = read_all
+ #cipher_text = iv + cipher.update(plain_text) + cipher.final
cipher_text = cipher.update(plain_text) + cipher.final
flush(cipher_text)
end
def decrypt!(passphrase)
cipher_text = read_all
- decipher = cipher
+ decipher = OpenSSL::Cipher.new("AES-256-CBC")
decipher.decrypt
- decipher.iv = cipher_text[0..decipher.iv_len-1]
- cipher.key = Digest::SHA256.digest(passphrase)
- data = cipher_text[decipher.iv_len..-1]
+ #decipher.iv = cipher_text[0..decipher.iv_len-1]
+ decipher.key = digest_for(passphrase)
+ #data = cipher_text[decipher.iv_len..-1]
+ data = cipher_text
flush(decipher.update(data) + decipher.final)
end
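Review bot: With the IV lines commented out in both `encrypt!` and `decrypt!`, AES-256-CBC runs with no per-encryption IV (effectively a constant one), so the same database and passphrase always give the same ciphertext and unchanged leading blocks are recognisable across saves. The removed code did set a random IV but never wrote it to the file, which is presumably why decryption broke; prepending it, as the commented-out `iv + cipher.update(...)` line does, is the right repair. Because `read_all` uses `IO.read`, the ciphertext is likely tagged with the default external encoding, so `cipher_text[0..decipher.iv_len-1]` can slice characters rather than bytes; `byteslice` avoids that. Files already written without an IV prefix would need a one-time migration. CBC also provides no integrity check, so a tampered file is at best reported as a padding error from `final`.

```ruby
def encrypt!(passphrase)
  # … unchanged: cipher setup and key …
  iv = cipher.random_iv # generates the IV and sets it on the cipher
  plain_text = read_all
  cipher_text = iv + cipher.update(plain_text) + cipher.final
  flush(cipher_text)
end

def decrypt!(passphrase)
  cipher_text = read_all
  # … unchanged: decipher setup and key …
  decipher.iv = cipher_text.byteslice(0, decipher.iv_len)
  data = cipher_text.byteslice(decipher.iv_len..-1)
  flush(decipher.update(data) + decipher.final)
end
```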
@@ -71,10 +75,6 @@ module TFA
end
end
- def cipher
- @cipher ||= OpenSSL::Cipher.new("AES-256-CBC")
- end
-
def read_all
IO.read(path)
end
@@ -82,5 +82,9 @@ module TFA
def flush(data)
IO.write(path, data)
end
+
+ def digest_for(passphrase)
+ Digest::SHA256.digest(passphrase)
+ end
end
end
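Review bot: `digest_for` derives the AES key from the passphrase with a single unsalted SHA-256, which makes offline passphrase guessing cheap for anyone who obtains the encrypted file. Now that key derivation lives in one helper, this is the natural place to switch to a password-based KDF such as `OpenSSL::PKCS5.pbkdf2_hmac(passphrase, salt, iterations, 32, OpenSSL::Digest.new("SHA256"))`, with a random salt stored next to the ciphertext. That needs a `salt` argument, so `encrypt!` and `decrypt!` in the earlier hunk would change with it. A one-line comment stating that the method returns the 32-byte cipher key would also help.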
lib/tfa.rb
@@ -1,3 +1,4 @@
+require "base64"
require "digest"
require "openssl"
require "pstore"
spec/lib/cli_spec.rb
@@ -1,6 +1,7 @@
module TFA
describe CLI do
- subject { CLI.new([], filename: SecureRandom.uuid, directory: Dir.tmpdir) }
+ subject { CLI.new([], filename: SecureRandom.uuid, directory: Dir.tmpdir, passphrase: passphrase) }
+ let(:passphrase) { SecureRandom.uuid }
def code_for(secret)
::ROTP::TOTP.new(secret).now