from origin repo gh:ddworken/hishtory, commit 480630e9181167b51554f4407db55717d9b7e4dd
This commit is contained in:
setop
165
client/data/data.go
Normal file
165
client/data/data.go
Normal file
@@ -0,0 +1,165 @@
|
||||
package data
|
||||
|
||||
import (
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
"crypto/hmac"
|
||||
"crypto/rand"
|
||||
"crypto/sha256"
|
||||
"database/sql/driver"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"time"
|
||||
|
||||
"github.com/ddworken/hishtory/shared"
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
const (
|
||||
KdfUserID = "user_id"
|
||||
KdfEncryptionKey = "encryption_key"
|
||||
CONFIG_PATH = ".hishtory.config"
|
||||
HISHTORY_PATH = ".hishtory"
|
||||
DB_PATH = ".hishtory.db"
|
||||
)
|
||||
|
||||
type HistoryEntry struct {
|
||||
LocalUsername string `json:"local_username" gorm:"uniqueIndex:compositeindex"`
|
||||
Hostname string `json:"hostname" gorm:"uniqueIndex:compositeindex"`
|
||||
Command string `json:"command" gorm:"uniqueIndex:compositeindex"`
|
||||
CurrentWorkingDirectory string `json:"current_working_directory" gorm:"uniqueIndex:compositeindex"`
|
||||
HomeDirectory string `json:"home_directory" gorm:"uniqueIndex:compositeindex"`
|
||||
ExitCode int `json:"exit_code" gorm:"uniqueIndex:compositeindex"`
|
||||
StartTime time.Time `json:"start_time" gorm:"uniqueIndex:compositeindex"`
|
||||
EndTime time.Time `json:"end_time" gorm:"uniqueIndex:compositeindex"`
|
||||
DeviceId string `json:"device_id" gorm:"uniqueIndex:compositeindex"`
|
||||
CustomColumns CustomColumns `json:"custom_columns"`
|
||||
}
|
||||
|
||||
type CustomColumns []CustomColumn
|
||||
|
||||
type CustomColumn struct {
|
||||
Name string `json:"name"`
|
||||
Val string `json:"value"`
|
||||
}
|
||||
|
||||
func (c *CustomColumns) Scan(value interface{}) error {
|
||||
bytes, ok := value.([]byte)
|
||||
if !ok {
|
||||
return fmt.Errorf("failed to unmarshal CustomColumns value %#v", value)
|
||||
}
|
||||
|
||||
return json.Unmarshal(bytes, c)
|
||||
}
|
||||
|
||||
func (c CustomColumns) Value() (driver.Value, error) {
|
||||
return json.Marshal(c)
|
||||
}
|
||||
|
||||
func (h *HistoryEntry) GoString() string {
|
||||
return fmt.Sprintf("%#v", *h)
|
||||
}
|
||||
|
||||
func sha256hmac(key, additionalData string) []byte {
|
||||
h := hmac.New(sha256.New, []byte(key))
|
||||
h.Write([]byte(additionalData))
|
||||
return h.Sum(nil)
|
||||
}
|
||||
|
||||
func UserId(key string) string {
|
||||
return base64.URLEncoding.EncodeToString(sha256hmac(key, KdfUserID))
|
||||
}
|
||||
|
||||
func EncryptionKey(userSecret string) []byte {
|
||||
return sha256hmac(userSecret, KdfEncryptionKey)
|
||||
}
|
||||
|
||||
func makeAead(userSecret string) (cipher.AEAD, error) {
|
||||
key := EncryptionKey(userSecret)
|
||||
block, err := aes.NewCipher(key)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
aead, err := cipher.NewGCM(block)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return aead, nil
|
||||
}
|
||||
|
||||
func Encrypt(userSecret string, data, additionalData []byte) ([]byte, []byte, error) {
|
||||
aead, err := makeAead(userSecret)
|
||||
if err != nil {
|
||||
return []byte{}, []byte{}, fmt.Errorf("failed to make AEAD: %v", err)
|
||||
}
|
||||
nonce := make([]byte, 12)
|
||||
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
|
||||
return []byte{}, []byte{}, fmt.Errorf("failed to read a nonce: %v", err)
|
||||
}
|
||||
ciphertext := aead.Seal(nil, nonce, data, additionalData)
|
||||
_, err = aead.Open(nil, nonce, ciphertext, additionalData)
|
||||
if err != nil {
|
||||
return []byte{}, []byte{}, fmt.Errorf("failed to open AEAD: %v", err)
|
||||
}
|
||||
return ciphertext, nonce, nil
|
||||
}
|
||||
|
||||
func Decrypt(userSecret string, data, additionalData, nonce []byte) ([]byte, error) {
|
||||
aead, err := makeAead(userSecret)
|
||||
if err != nil {
|
||||
return []byte{}, fmt.Errorf("failed to make AEAD: %v", err)
|
||||
}
|
||||
plaintext, err := aead.Open(nil, nonce, data, additionalData)
|
||||
if err != nil {
|
||||
return []byte{}, fmt.Errorf("failed to decrypt: %v", err)
|
||||
}
|
||||
return plaintext, nil
|
||||
}
|
||||
|
||||
func EncryptHistoryEntry(userSecret string, entry HistoryEntry) (shared.EncHistoryEntry, error) {
|
||||
data, err := json.Marshal(entry)
|
||||
if err != nil {
|
||||
return shared.EncHistoryEntry{}, err
|
||||
}
|
||||
ciphertext, nonce, err := Encrypt(userSecret, data, []byte(UserId(userSecret)))
|
||||
if err != nil {
|
||||
return shared.EncHistoryEntry{}, err
|
||||
}
|
||||
return shared.EncHistoryEntry{
|
||||
EncryptedData: ciphertext,
|
||||
Nonce: nonce,
|
||||
UserId: UserId(userSecret),
|
||||
Date: entry.EndTime,
|
||||
EncryptedId: uuid.Must(uuid.NewRandom()).String(),
|
||||
ReadCount: 0,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func DecryptHistoryEntry(userSecret string, entry shared.EncHistoryEntry) (HistoryEntry, error) {
|
||||
if entry.UserId != UserId(userSecret) {
|
||||
return HistoryEntry{}, fmt.Errorf("refusing to decrypt history entry with mismatching UserId")
|
||||
}
|
||||
plaintext, err := Decrypt(userSecret, entry.EncryptedData, []byte(UserId(userSecret)), entry.Nonce)
|
||||
if err != nil {
|
||||
return HistoryEntry{}, nil
|
||||
}
|
||||
var decryptedEntry HistoryEntry
|
||||
err = json.Unmarshal(plaintext, &decryptedEntry)
|
||||
if err != nil {
|
||||
return HistoryEntry{}, nil
|
||||
}
|
||||
return decryptedEntry, nil
|
||||
}
|
||||
|
||||
func EntryEquals(entry1, entry2 HistoryEntry) bool {
|
||||
return entry1.LocalUsername == entry2.LocalUsername &&
|
||||
entry1.Hostname == entry2.Hostname &&
|
||||
entry1.Command == entry2.Command &&
|
||||
entry1.CurrentWorkingDirectory == entry2.CurrentWorkingDirectory &&
|
||||
entry1.HomeDirectory == entry2.HomeDirectory &&
|
||||
entry1.ExitCode == entry2.ExitCode &&
|
||||
entry1.StartTime.Format(time.RFC3339) == entry2.StartTime.Format(time.RFC3339) &&
|
||||
entry1.EndTime.Format(time.RFC3339) == entry2.EndTime.Format(time.RFC3339)
|
||||
}
|
||||
61
client/data/data_test.go
Normal file
61
client/data/data_test.go
Normal file
@@ -0,0 +1,61 @@
|
||||
package data
|
||||
|
||||
import (
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestEncryptDecrypt(t *testing.T) {
|
||||
k1 := EncryptionKey("key")
|
||||
k2 := EncryptionKey("key")
|
||||
if string(k1) != string(k2) {
|
||||
t.Fatalf("Expected EncryptionKey to be deterministic!")
|
||||
}
|
||||
|
||||
ciphertext, nonce, err := Encrypt("key", []byte("hello world!"), []byte("extra"))
|
||||
checkError(t, err)
|
||||
plaintext, err := Decrypt("key", ciphertext, []byte("extra"), nonce)
|
||||
checkError(t, err)
|
||||
if string(plaintext) != "hello world!" {
|
||||
t.Fatalf("Expected decrypt(encrypt(x)) to work, but it didn't!")
|
||||
}
|
||||
}
|
||||
|
||||
func checkError(t *testing.T, err error) {
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCustomColumnSerialization(t *testing.T) {
|
||||
cc1 := CustomColumn{
|
||||
Name: "name1",
|
||||
Val: "val1",
|
||||
}
|
||||
cc2 := CustomColumn{
|
||||
Name: "name2",
|
||||
Val: "val2",
|
||||
}
|
||||
var ccs CustomColumns = make(CustomColumns, 0)
|
||||
|
||||
// Empty array
|
||||
v, err := ccs.Value()
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected err: %v", err)
|
||||
}
|
||||
val := string(v.([]uint8))
|
||||
if val != "[]" {
|
||||
t.Fatalf("unexpected val for empty CustomColumns: %#v", val)
|
||||
}
|
||||
|
||||
// Non-empty array
|
||||
ccs = append(ccs, cc1, cc2)
|
||||
v, err = ccs.Value()
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected err: %v", err)
|
||||
}
|
||||
val = string(v.([]uint8))
|
||||
if val != "[{\"name\":\"name1\",\"value\":\"val1\"},{\"name\":\"name2\",\"value\":\"val2\"}]" {
|
||||
t.Fatalf("unexpected val for empty CustomColumns: %#v", val)
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user