diff options
Diffstat (limited to 'format-common/src/main')
6 files changed, 0 insertions, 434 deletions
diff --git a/format-common/src/main/kotlin/app/passwordstore/data/passfile/PasswordEntry.kt b/format-common/src/main/kotlin/app/passwordstore/data/passfile/PasswordEntry.kt deleted file mode 100644 index 1618374f..00000000 --- a/format-common/src/main/kotlin/app/passwordstore/data/passfile/PasswordEntry.kt +++ /dev/null @@ -1,231 +0,0 @@ -/* - * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. - * SPDX-License-Identifier: GPL-3.0-only - */ - -package app.passwordstore.data.passfile - -import androidx.annotation.VisibleForTesting -import app.passwordstore.util.time.UserClock -import app.passwordstore.util.totp.Otp -import app.passwordstore.util.totp.TotpFinder -import com.github.michaelbull.result.mapBoth -import dagger.assisted.Assisted -import dagger.assisted.AssistedFactory -import dagger.assisted.AssistedInject -import kotlin.collections.set -import kotlin.coroutines.coroutineContext -import kotlin.time.Duration.Companion.milliseconds -import kotlin.time.Duration.Companion.seconds -import kotlinx.coroutines.delay -import kotlinx.coroutines.flow.Flow -import kotlinx.coroutines.flow.flow -import kotlinx.coroutines.isActive - -/** Represents a single entry in the password store. */ -public class PasswordEntry -@AssistedInject -constructor( - /** A time source used to calculate the TOTP */ - private val clock: UserClock, - /** [TotpFinder] implementation to extract data from a TOTP URI */ - private val totpFinder: TotpFinder, - /** The content of this entry, as an array of bytes. */ - @Assisted bytes: ByteArray, -) { - - private val content = bytes.decodeToString() - - /** The password text for this entry. Can be null. */ - public val password: String? - - /** The username for this entry. Can be null. */ - public val username: String? - - /** A [String] to [String] [Map] of the extra content of this entry, in a key:value fashion. */ - public val extraContent: Map<String, String> - - /** - * Direct [String] representation of the extra content of this entry, before any transforms are - * applied. Only use this when the extra content is required in a formatting-preserving manner. - */ - public val extraContentString: String - - /** - * A [Flow] providing the current TOTP. It will start emitting only when collected. If this entry - * does not have a TOTP secret, the flow will never emit. Users should call [hasTotp] before - * collection to check if it is valid to collect this [Flow]. - */ - public val totp: Flow<Totp> = flow { - require(totpSecret != null) { "Cannot collect this flow without a TOTP secret" } - do { - val otp = calculateTotp() - emit(otp) - delay(THOUSAND_MILLIS.milliseconds) - } while (coroutineContext.isActive) - } - - /** Obtain the [Totp.value] for this [PasswordEntry] at the current time. */ - public val currentOtp: String - get() = calculateTotp().value - - /** - * String representation of [extraContent] but with authentication related data such as TOTP URIs - * and usernames stripped. - */ - public val extraContentWithoutAuthData: String - private val totpSecret: String? - - init { - val (foundPassword, passContent) = findAndStripPassword(content.split("\n".toRegex())) - password = foundPassword - extraContentString = passContent.joinToString("\n") - extraContentWithoutAuthData = generateExtraContentWithoutAuthData() - extraContent = generateExtraContentPairs() - username = findUsername() - totpSecret = totpFinder.findSecret(content) - } - - public fun hasTotp(): Boolean { - return totpSecret != null - } - - @Suppress("ReturnCount") - private fun findAndStripPassword(passContent: List<String>): Pair<String?, List<String>> { - if (TotpFinder.TOTP_FIELDS.any { passContent[0].startsWith(it) }) return Pair(null, passContent) - for (line in passContent) { - for (prefix in PASSWORD_FIELDS) { - if (line.startsWith(prefix, ignoreCase = true)) { - return Pair(line.substring(prefix.length).trimStart(), passContent.minus(line)) - } - } - } - return Pair(passContent[0], passContent.minus(passContent[0])) - } - - private fun generateExtraContentWithoutAuthData(): String { - var foundUsername = false - return extraContentString - .lineSequence() - .filter { line -> - return@filter when { - USERNAME_FIELDS.any { prefix -> line.startsWith(prefix, ignoreCase = true) } && - !foundUsername -> { - foundUsername = true - false - } - TotpFinder.TOTP_FIELDS.any { prefix -> line.startsWith(prefix, ignoreCase = true) } -> { - false - } - else -> { - true - } - } - } - .joinToString(separator = "\n") - } - - private fun generateExtraContentPairs(): Map<String, String> { - fun MutableMap<String, String>.putOrAppend(key: String, value: String) { - if (value.isEmpty()) return - val existing = this[key] - this[key] = - if (existing == null) { - value - } else { - "$existing\n$value" - } - } - - val items = mutableMapOf<String, String>() - extraContentWithoutAuthData.lines().forEach { line -> - // Split the line on ':' and save all the parts into an array - // "ABC : DEF:GHI" --> ["ABC", "DEF", "GHI"] - val splitArray = line.split(":") - // Take the first element of the array. This will be the key for the key-value pair. - // ["ABC ", " DEF", "GHI"] -> key = "ABC" - val key = splitArray.first().trimEnd() - // Remove the first element from the array and join the rest of the string again with - // ':' as separator. - // ["ABC ", " DEF", "GHI"] -> value = "DEF:GHI" - val value = splitArray.drop(1).joinToString(":").trimStart() - - if (key.isNotEmpty() && value.isNotEmpty()) { - // If both key and value are not empty, we can form a pair with this so add it to - // the map. - // key = "ABC", value = "DEF:GHI" - items[key] = value - } else { - // If either key or value is empty, we were not able to form proper key-value pair. - // So append the original line into an "EXTRA CONTENT" map entry - items.putOrAppend(EXTRA_CONTENT, line) - } - } - - return items - } - - private fun findUsername(): String? { - extraContentString.splitToSequence("\n").forEach { line -> - for (prefix in USERNAME_FIELDS) { - if (line.startsWith(prefix, ignoreCase = true)) - return line.substring(prefix.length).trimStart() - } - } - return null - } - - private fun calculateTotp(): Totp { - val digits = totpFinder.findDigits(content) - val totpPeriod = totpFinder.findPeriod(content) - val totpAlgorithm = totpFinder.findAlgorithm(content) - val issuer = totpFinder.findIssuer(content) - val millis = clock.millis() - val remainingTime = (totpPeriod - ((millis / THOUSAND_MILLIS) % totpPeriod)).seconds - Otp.calculateCode( - totpSecret!!, - millis / (THOUSAND_MILLIS * totpPeriod), - totpAlgorithm, - digits, - issuer - ) - .mapBoth( - { code -> - return Totp(code, remainingTime) - }, - { throwable -> throw throwable } - ) - } - - @AssistedFactory - public interface Factory { - public fun create(bytes: ByteArray): PasswordEntry - } - - public companion object { - - private const val EXTRA_CONTENT = "Extra Content" - @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE) - public val USERNAME_FIELDS: Array<String> = - arrayOf( - "login:", - "username:", - "user:", - "account:", - "email:", - "mail:", - "name:", - "handle:", - "id:", - "identity:", - ) - @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE) - public val PASSWORD_FIELDS: Array<String> = - arrayOf( - "password:", - "secret:", - "pass:", - ) - private const val THOUSAND_MILLIS = 1000L - } -} diff --git a/format-common/src/main/kotlin/app/passwordstore/data/passfile/Totp.kt b/format-common/src/main/kotlin/app/passwordstore/data/passfile/Totp.kt deleted file mode 100644 index c279360f..00000000 --- a/format-common/src/main/kotlin/app/passwordstore/data/passfile/Totp.kt +++ /dev/null @@ -1,6 +0,0 @@ -package app.passwordstore.data.passfile - -import kotlin.time.Duration - -/** Holder for a TOTP secret and the duration for which it is valid. */ -public data class Totp(public val value: String, public val remainingTime: Duration) diff --git a/format-common/src/main/kotlin/app/passwordstore/util/time/UserClock.kt b/format-common/src/main/kotlin/app/passwordstore/util/time/UserClock.kt deleted file mode 100644 index 4ffeb6a6..00000000 --- a/format-common/src/main/kotlin/app/passwordstore/util/time/UserClock.kt +++ /dev/null @@ -1,26 +0,0 @@ -/* - * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. - * SPDX-License-Identifier: GPL-3.0-only - */ - -package app.passwordstore.util.time - -import java.time.Clock -import java.time.Instant -import java.time.ZoneId -import javax.inject.Inject - -/** - * A subclass of [Clock] that uses [Clock.systemDefaultZone] to get a clock that works for the - * user's current time zone. - */ -public open class UserClock @Inject constructor() : Clock() { - - private val clock = systemDefaultZone() - - override fun withZone(zone: ZoneId): Clock = clock.withZone(zone) - - override fun getZone(): ZoneId = clock.zone - - override fun instant(): Instant = clock.instant() -} diff --git a/format-common/src/main/kotlin/app/passwordstore/util/totp/Otp.kt b/format-common/src/main/kotlin/app/passwordstore/util/totp/Otp.kt deleted file mode 100644 index 10e771fe..00000000 --- a/format-common/src/main/kotlin/app/passwordstore/util/totp/Otp.kt +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. - * SPDX-License-Identifier: GPL-3.0-only - */ - -package app.passwordstore.util.totp - -import com.github.michaelbull.result.Err -import com.github.michaelbull.result.Result -import com.github.michaelbull.result.runCatching -import java.nio.ByteBuffer -import java.util.Locale -import javax.crypto.Mac -import javax.crypto.spec.SecretKeySpec -import kotlin.experimental.and -import org.apache.commons.codec.binary.Base32 - -public object Otp { - - private val BASE_32 = Base32() - private val STEAM_ALPHABET = "23456789BCDFGHJKMNPQRTVWXY".toCharArray() - private const val BYTE_BUFFER_CAPACITY = 8 - private const val END_INDEX_OFFSET = 4 - private const val STEAM_GUARD_DIGITS = 5 - private const val MINIMUM_DIGITS = 6 - private const val MAXIMUM_DIGITS = 10 - private const val ALPHABET_LENGTH = 26 - private const val MOST_SIGNIFICANT_BYTE = 0x7f - - public fun calculateCode( - secret: String, - counter: Long, - algorithm: String, - digits: String, - issuer: String?, - ): Result<String, Throwable> = runCatching { - val algo = "Hmac${algorithm.uppercase(Locale.ROOT)}" - val decodedSecret = BASE_32.decode(secret) - val secretKey = SecretKeySpec(decodedSecret, algo) - val digest = - Mac.getInstance(algo).run { - init(secretKey) - doFinal(ByteBuffer.allocate(BYTE_BUFFER_CAPACITY).putLong(counter).array()) - } - // Least significant 4 bits are used as an offset into the digest. - val offset = (digest.last() and 0xf).toInt() - // Extract 32 bits at the offset and clear the most significant bit. - val code = digest.copyOfRange(offset, offset.plus(END_INDEX_OFFSET)) - code[0] = (MOST_SIGNIFICANT_BYTE and code[0].toInt()).toByte() - val codeInt = ByteBuffer.wrap(code).int - check(codeInt > 0) - // SteamGuard is a horrible OTP implementation that generates non-standard 5 digit OTPs as - // well - // as uses a custom character set. - if (digits == "s" || issuer == "Steam") { - var remainingCodeInt = codeInt - buildString { - repeat(STEAM_GUARD_DIGITS) { - append(STEAM_ALPHABET[remainingCodeInt % STEAM_ALPHABET.size]) - remainingCodeInt /= ALPHABET_LENGTH - } - } - } else { - // Base 10, 6 to 10 digits - val numDigits = digits.toIntOrNull() - when { - numDigits == null -> { - return Err(IllegalArgumentException("Digits specifier has to be either 's' or numeric")) - } - numDigits < MINIMUM_DIGITS -> { - return Err( - IllegalArgumentException("TOTP codes have to be at least $MINIMUM_DIGITS digits long") - ) - } - numDigits > MAXIMUM_DIGITS -> { - return Err( - IllegalArgumentException("TOTP codes can be at most $MAXIMUM_DIGITS digits long") - ) - } - else -> { - // 2^31 = 2_147_483_648, so we can extract at most 10 digits with the first one - // always being 0, 1, or 2. Pad with leading zeroes. - val codeStringBase10 = codeInt.toString(MAXIMUM_DIGITS).padStart(MAXIMUM_DIGITS, '0') - check(codeStringBase10.length == MAXIMUM_DIGITS) - codeStringBase10.takeLast(numDigits) - } - } - } - } -} diff --git a/format-common/src/main/kotlin/app/passwordstore/util/totp/TotpFinder.kt b/format-common/src/main/kotlin/app/passwordstore/util/totp/TotpFinder.kt deleted file mode 100644 index d53d76dc..00000000 --- a/format-common/src/main/kotlin/app/passwordstore/util/totp/TotpFinder.kt +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. - * SPDX-License-Identifier: GPL-3.0-only - */ - -package app.passwordstore.util.totp - -/** Defines a class that can extract relevant parts of a TOTP URL for use by the app. */ -public interface TotpFinder { - - /** Get the TOTP secret from the given extra content. */ - public fun findSecret(content: String): String? - - /** Get the number of digits required in the final OTP. */ - public fun findDigits(content: String): String - - /** Get the TOTP timeout period. */ - public fun findPeriod(content: String): Long - - /** Get the algorithm for the TOTP secret. */ - public fun findAlgorithm(content: String): String - - /** Get the issuer for the TOTP secret, if any. */ - public fun findIssuer(content: String): String? - - public companion object { - public val TOTP_FIELDS: Array<String> = arrayOf("otpauth://totp", "totp:") - } -} diff --git a/format-common/src/main/kotlin/app/passwordstore/util/totp/UriTotpFinder.kt b/format-common/src/main/kotlin/app/passwordstore/util/totp/UriTotpFinder.kt deleted file mode 100644 index bb97c90c..00000000 --- a/format-common/src/main/kotlin/app/passwordstore/util/totp/UriTotpFinder.kt +++ /dev/null @@ -1,52 +0,0 @@ -package app.passwordstore.util.totp - -import com.eygraber.uri.Uri -import javax.inject.Inject - -/** [Uri] backed TOTP URL parser. */ -public class UriTotpFinder @Inject constructor() : TotpFinder { - - private companion object { - private const val DEFAULT_TOTP_PERIOD = 30L - } - - override fun findSecret(content: String): String? { - content.split("\n".toRegex()).forEach { line -> - if (line.startsWith(TotpFinder.TOTP_FIELDS[0])) { - return Uri.parse(line).getQueryParameter("secret") - } - if (line.startsWith(TotpFinder.TOTP_FIELDS[1], ignoreCase = true)) { - return line.split(": *".toRegex(), 2).toTypedArray()[1] - } - } - return null - } - - override fun findDigits(content: String): String { - return getQueryParameter(content, "digits") ?: "6" - } - - override fun findPeriod(content: String): Long { - return getQueryParameter(content, "period")?.toLongOrNull() ?: DEFAULT_TOTP_PERIOD - } - - override fun findAlgorithm(content: String): String { - return getQueryParameter(content, "algorithm") ?: "sha1" - } - - override fun findIssuer(content: String): String? { - return getQueryParameter(content, "issuer") ?: Uri.parse(content).authority - } - - private fun getQueryParameter(content: String, parameterName: String): String? { - content.split("\n".toRegex()).forEach { line -> - val uri = Uri.parse(line) - if ( - line.startsWith(TotpFinder.TOTP_FIELDS[0]) && uri.getQueryParameter(parameterName) != null - ) { - return uri.getQueryParameter(parameterName) - } - } - return null - } -} |