summaryrefslogtreecommitdiff
path: root/format-common/src/main
diff options
context:
space:
mode:
authorHarsh Shandilya <me@msfjarvis.dev>2021-04-18 02:48:59 +0530
committerHarsh Shandilya <me@msfjarvis.dev>2021-04-18 04:03:17 +0530
commit77abe7ee2c906747d80813fef8d786b3e8d94c0a (patch)
tree8146a514df53fc6e51e5288e7cf7e46673247740 /format-common/src/main
parent931cc052a8f22b96e11d4bd8f9d069ef8ff92e21 (diff)
format-common: initial API for PasswordEntry
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
Diffstat (limited to 'format-common/src/main')
-rw-r--r--format-common/src/main/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntry.kt211
-rw-r--r--format-common/src/main/kotlin/dev/msfjarvis/aps/util/time/Clocks.kt26
-rw-r--r--format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/Otp.kt74
-rw-r--r--format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/TotpFinder.kt26
4 files changed, 337 insertions, 0 deletions
diff --git a/format-common/src/main/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntry.kt b/format-common/src/main/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntry.kt
new file mode 100644
index 00000000..9b7fc8f3
--- /dev/null
+++ b/format-common/src/main/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntry.kt
@@ -0,0 +1,211 @@
+/*
+ * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+
+package dev.msfjarvis.aps.data.passfile
+
+import androidx.annotation.VisibleForTesting
+import com.github.michaelbull.result.mapBoth
+import dagger.assisted.Assisted
+import dagger.assisted.AssistedInject
+import dev.msfjarvis.aps.util.time.UserClock
+import dev.msfjarvis.aps.util.totp.Otp
+import dev.msfjarvis.aps.util.totp.TotpFinder
+import kotlin.collections.set
+import kotlin.time.ExperimentalTime
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.delay
+import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.flow.StateFlow
+import kotlinx.coroutines.flow.asStateFlow
+import kotlinx.coroutines.launch
+
+/** Represents a single entry in the password store. */
+@OptIn(ExperimentalTime::class)
+public class PasswordEntry
+@AssistedInject
+constructor(
+ /** A time source used to calculate the TOTP */
+ clock: UserClock,
+ /** [TotpFinder] implementation to extract data from a TOTP URI */
+ totpFinder: TotpFinder,
+ /**
+ * A cancellable [CoroutineScope] inside which we constantly emit new TOTP values as time elapses
+ */
+ @Assisted scope: CoroutineScope,
+ /** The content of this entry, as an array of bytes. */
+ @Assisted bytes: ByteArray,
+) {
+
+ private val _totp = MutableStateFlow("")
+ private val content = bytes.decodeToString()
+
+ /** The password text for this entry. Can be null. */
+ public val password: String?
+
+ /** The username for this entry. Can be null. */
+ public val username: String?
+
+ /** A [String] to [String] [Map] of the extra content of this entry, in a key:value fashion. */
+ public val extraContent: Map<String, String>
+
+ /**
+ * A [StateFlow] providing the current TOTP. It will emit a single empty string on initialization
+ * which is replaced with a real TOTP if applicable. Call [hasTotp] to verify whether or not you
+ * need to observe this value.
+ */
+ public val totp: StateFlow<String> = _totp.asStateFlow()
+
+ /**
+ * String representation of [extraContent] but with authentication related data such as TOTP URIs
+ * and usernames stripped.
+ */
+ public val extraContentWithoutAuthData: String
+ private val digits: String
+ private val totpSecret: String?
+ private val totpPeriod: Long
+ private val totpAlgorithm: String
+ @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE) internal val extraContentString: String
+
+ init {
+ val (foundPassword, passContent) = findAndStripPassword(content.split("\n".toRegex()))
+ password = foundPassword
+ extraContentString = passContent.joinToString("\n")
+ extraContentWithoutAuthData = generateExtraContentWithoutAuthData()
+ extraContent = generateExtraContentPairs()
+ username = findUsername()
+ digits = totpFinder.findDigits(content)
+ totpSecret = totpFinder.findSecret(content)
+ totpPeriod = totpFinder.findPeriod(content)
+ totpAlgorithm = totpFinder.findAlgorithm(content)
+ if (totpSecret != null) {
+ scope.launch {
+ updateTotp(clock.millis())
+ val remainingTime = totpPeriod - (System.currentTimeMillis() % totpPeriod)
+ delay(remainingTime)
+ repeat(Int.MAX_VALUE) {
+ updateTotp(clock.millis())
+ delay(totpPeriod)
+ }
+ }
+ }
+ }
+
+ public fun hasTotp(): Boolean {
+ return totpSecret != null
+ }
+
+ private fun findAndStripPassword(passContent: List<String>): Pair<String?, List<String>> {
+ if (TotpFinder.TOTP_FIELDS.any { passContent[0].startsWith(it) }) return Pair(null, passContent)
+ for (line in passContent) {
+ for (prefix in PASSWORD_FIELDS) {
+ if (line.startsWith(prefix, ignoreCase = true)) {
+ return Pair(line.substring(prefix.length).trimStart(), passContent.minus(line))
+ }
+ }
+ }
+ return Pair(passContent[0], passContent.minus(passContent[0]))
+ }
+
+ private fun generateExtraContentWithoutAuthData(): String {
+ var foundUsername = false
+ return extraContentString
+ .lineSequence()
+ .filter { line ->
+ return@filter when {
+ USERNAME_FIELDS.any { prefix -> line.startsWith(prefix, ignoreCase = true) } && !foundUsername -> {
+ foundUsername = true
+ false
+ }
+ line.startsWith("otpauth://", ignoreCase = true) || line.startsWith("totp:", ignoreCase = true) -> {
+ false
+ }
+ else -> {
+ true
+ }
+ }
+ }
+ .joinToString(separator = "\n")
+ }
+
+ private fun generateExtraContentPairs(): Map<String, String> {
+ fun MutableMap<String, String>.putOrAppend(key: String, value: String) {
+ if (value.isEmpty()) return
+ val existing = this[key]
+ this[key] =
+ if (existing == null) {
+ value
+ } else {
+ "$existing\n$value"
+ }
+ }
+
+ val items = mutableMapOf<String, String>()
+ // Take extraContentWithoutAuthData and onEach line perform the following tasks
+ extraContentWithoutAuthData.lines().forEach { line ->
+ // Split the line on ':' and save all the parts into an array
+ // "ABC : DEF:GHI" --> ["ABC", "DEF", "GHI"]
+ val splitArray = line.split(":")
+ // Take the first element of the array. This will be the key for the key-value pair.
+ // ["ABC ", " DEF", "GHI"] -> key = "ABC"
+ val key = splitArray.first().trimEnd()
+ // Remove the first element from the array and join the rest of the string again with
+ // ':' as separator.
+ // ["ABC ", " DEF", "GHI"] -> value = "DEF:GHI"
+ val value = splitArray.drop(1).joinToString(":").trimStart()
+
+ if (key.isNotEmpty() && value.isNotEmpty()) {
+ // If both key and value are not empty, we can form a pair with this so add it to
+ // the map.
+ // key = "ABC", value = "DEF:GHI"
+ items[key] = value
+ } else {
+ // If either key or value is empty, we were not able to form proper key-value pair.
+ // So append the original line into an "EXTRA CONTENT" map entry
+ items.putOrAppend(EXTRA_CONTENT, line)
+ }
+ }
+
+ return items
+ }
+
+ private fun findUsername(): String? {
+ extraContentString.splitToSequence("\n").forEach { line ->
+ for (prefix in USERNAME_FIELDS) {
+ if (line.startsWith(prefix, ignoreCase = true)) return line.substring(prefix.length).trimStart()
+ }
+ }
+ return null
+ }
+
+ private fun updateTotp(millis: Long) {
+ if (totpSecret != null) {
+ Otp.calculateCode(totpSecret, millis / (1000 * totpPeriod), totpAlgorithm, digits)
+ .mapBoth({ code -> _totp.value = code }, { throwable -> throw throwable })
+ }
+ }
+
+ internal companion object {
+
+ private const val EXTRA_CONTENT = "Extra Content"
+ internal val USERNAME_FIELDS =
+ arrayOf(
+ "login:",
+ "username:",
+ "user:",
+ "account:",
+ "email:",
+ "name:",
+ "handle:",
+ "id:",
+ "identity:",
+ )
+ internal val PASSWORD_FIELDS =
+ arrayOf(
+ "password:",
+ "secret:",
+ "pass:",
+ )
+ }
+}
diff --git a/format-common/src/main/kotlin/dev/msfjarvis/aps/util/time/Clocks.kt b/format-common/src/main/kotlin/dev/msfjarvis/aps/util/time/Clocks.kt
new file mode 100644
index 00000000..087a5028
--- /dev/null
+++ b/format-common/src/main/kotlin/dev/msfjarvis/aps/util/time/Clocks.kt
@@ -0,0 +1,26 @@
+/*
+ * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+
+package dev.msfjarvis.aps.util.time
+
+import java.time.Clock
+import java.time.Instant
+import java.time.ZoneId
+import javax.inject.Inject
+
+/**
+ * A subclass of [Clock] that uses [Clock.systemDefaultZone] to get a clock that works for the
+ * user's current time zone.
+ */
+public open class UserClock @Inject constructor() : Clock() {
+
+ private val clock = systemDefaultZone()
+
+ override fun withZone(zone: ZoneId): Clock = clock.withZone(zone)
+
+ override fun getZone(): ZoneId = clock.zone
+
+ override fun instant(): Instant = clock.instant()
+}
diff --git a/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/Otp.kt b/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/Otp.kt
new file mode 100644
index 00000000..e6efd794
--- /dev/null
+++ b/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/Otp.kt
@@ -0,0 +1,74 @@
+/*
+ * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+
+package dev.msfjarvis.aps.util.totp
+
+import com.github.michaelbull.result.Err
+import com.github.michaelbull.result.runCatching
+import java.nio.ByteBuffer
+import java.util.Locale
+import javax.crypto.Mac
+import javax.crypto.spec.SecretKeySpec
+import kotlin.experimental.and
+import org.apache.commons.codec.binary.Base32
+
+internal object Otp {
+
+ private val BASE_32 = Base32()
+ private val STEAM_ALPHABET = "23456789BCDFGHJKMNPQRTVWXY".toCharArray()
+
+ init {
+ check(STEAM_ALPHABET.size == 26)
+ }
+
+ fun calculateCode(secret: String, counter: Long, algorithm: String, digits: String) = runCatching {
+ val algo = "Hmac${algorithm.toUpperCase(Locale.ROOT)}"
+ val decodedSecret = BASE_32.decode(secret)
+ val secretKey = SecretKeySpec(decodedSecret, algo)
+ val digest =
+ Mac.getInstance(algo).run {
+ init(secretKey)
+ doFinal(ByteBuffer.allocate(8).putLong(counter).array())
+ }
+ // Least significant 4 bits are used as an offset into the digest.
+ val offset = (digest.last() and 0xf).toInt()
+ // Extract 32 bits at the offset and clear the most significant bit.
+ val code = digest.copyOfRange(offset, offset + 4)
+ code[0] = (0x7f and code[0].toInt()).toByte()
+ val codeInt = ByteBuffer.wrap(code).int
+ check(codeInt > 0)
+ if (digits == "s") {
+ // Steam
+ var remainingCodeInt = codeInt
+ buildString {
+ repeat(5) {
+ append(STEAM_ALPHABET[remainingCodeInt % 26])
+ remainingCodeInt /= 26
+ }
+ }
+ } else {
+ // Base 10, 6 to 10 digits
+ val numDigits = digits.toIntOrNull()
+ when {
+ numDigits == null -> {
+ return Err(IllegalArgumentException("Digits specifier has to be either 's' or numeric"))
+ }
+ numDigits < 6 -> {
+ return Err(IllegalArgumentException("TOTP codes have to be at least 6 digits long"))
+ }
+ numDigits > 10 -> {
+ return Err(IllegalArgumentException("TOTP codes can be at most 10 digits long"))
+ }
+ else -> {
+ // 2^31 = 2_147_483_648, so we can extract at most 10 digits with the first one
+ // always being 0, 1, or 2. Pad with leading zeroes.
+ val codeStringBase10 = codeInt.toString(10).padStart(10, '0')
+ check(codeStringBase10.length == 10)
+ codeStringBase10.takeLast(numDigits)
+ }
+ }
+ }
+ }
+}
diff --git a/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/TotpFinder.kt b/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/TotpFinder.kt
new file mode 100644
index 00000000..64f22065
--- /dev/null
+++ b/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/TotpFinder.kt
@@ -0,0 +1,26 @@
+/*
+ * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+
+package dev.msfjarvis.aps.util.totp
+
+/** Defines a class that can extract relevant parts of a TOTP URL for use by the app. */
+public interface TotpFinder {
+
+ /** Get the TOTP secret from the given extra content. */
+ public fun findSecret(content: String): String?
+
+ /** Get the number of digits required in the final OTP. */
+ public fun findDigits(content: String): String
+
+ /** Get the TOTP timeout period. */
+ public fun findPeriod(content: String): Long
+
+ /** Get the algorithm for the TOTP secret. */
+ public fun findAlgorithm(content: String): String
+
+ public companion object {
+ public val TOTP_FIELDS: Array<String> = arrayOf("otpauth://totp", "totp:")
+ }
+}