1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
//! Passwords for encryption.
use pbkdf2::{
password_hash::{PasswordHasher, SaltString},
Pbkdf2,
};
use rand::rngs::OsRng;
use serde::{Deserialize, Serialize};
use std::io::prelude::Write;
use std::os::unix::fs::PermissionsExt;
use std::path::{Path, PathBuf};
const KEY_LEN: usize = 32; // Only size accepted by aead crate?
/// Encryption password.
#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct Passwords {
encryption: String,
}
impl Passwords {
/// Create a new encryption password from a user-supplied passphrase.
pub fn new(passphrase: &str) -> Self {
let mut key = derive_password(passphrase);
let _ = key.split_off(KEY_LEN);
assert_eq!(key.len(), KEY_LEN);
Self { encryption: key }
}
/// Get encryption key.
pub fn encryption_key(&self) -> &[u8] {
self.encryption.as_bytes()
}
/// Load passwords from file.
pub fn load(filename: &Path) -> Result<Self, PasswordError> {
let data = std::fs::read(filename)
.map_err(|err| PasswordError::Read(filename.to_path_buf(), err))?;
serde_yaml::from_slice(&data)
.map_err(|err| PasswordError::Parse(filename.to_path_buf(), err))
}
/// Save passwords to file.
pub fn save(&self, filename: &Path) -> Result<(), PasswordError> {
eprintln!("saving passwords to {:?}", filename);
let data = serde_yaml::to_string(&self).map_err(PasswordError::Serialize)?;
let mut file = std::fs::File::create(filename)
.map_err(|err| PasswordError::Write(filename.to_path_buf(), err))?;
let metadata = file
.metadata()
.map_err(|err| PasswordError::Write(filename.to_path_buf(), err))?;
let mut permissions = metadata.permissions();
// Make readadable by owner only. We still have the open file
// handle, so we can write the content.
permissions.set_mode(0o400);
std::fs::set_permissions(filename, permissions)
.map_err(|err| PasswordError::Write(filename.to_path_buf(), err))?;
// Write actual content.
file.write_all(data.as_bytes())
.map_err(|err| PasswordError::Write(filename.to_path_buf(), err))?;
Ok(())
}
}
/// Return name of password file, relative to configuration file.
pub fn passwords_filename(config_filename: &Path) -> PathBuf {
let mut filename = config_filename.to_path_buf();
filename.set_file_name("passwords.yaml");
filename
}
fn derive_password(passphrase: &str) -> String {
let salt = SaltString::generate(&mut OsRng);
Pbkdf2
.hash_password(passphrase.as_bytes(), salt.as_ref())
.unwrap()
.to_string()
}
/// Possible errors from passwords.
#[derive(Debug, thiserror::Error)]
pub enum PasswordError {
/// Failed to make YAML when saving passwords.
#[error("failed to serialize passwords for saving: {0}")]
Serialize(serde_yaml::Error),
/// Failed to save to file.
#[error("failed to save passwords to {0}: {1}")]
Write(PathBuf, std::io::Error),
/// Failed read passwords file.
#[error("failed to read passwords from {0}: {1}")]
Read(PathBuf, std::io::Error),
/// Failed to parse passwords file.
#[error("failed to parse saved passwords from {0}: {1}")]
Parse(PathBuf, serde_yaml::Error),
}
|