Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 4ee1d543f7 | |||
| 5b9c711008 | |||
| ddd1005067 |
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "creddy",
|
||||
"version": "0.2.0",
|
||||
"version": "0.2.2",
|
||||
"scripts": {
|
||||
"dev": "vite",
|
||||
"build": "vite build",
|
||||
|
||||
204
src-tauri/Cargo.lock
generated
204
src-tauri/Cargo.lock
generated
@ -8,6 +8,16 @@ version = "1.0.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
|
||||
|
||||
[[package]]
|
||||
name = "aead"
|
||||
version = "0.5.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0"
|
||||
dependencies = [
|
||||
"crypto-common",
|
||||
"generic-array",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "ahash"
|
||||
version = "0.7.6"
|
||||
@ -59,31 +69,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "9c7d0618f0e0b7e8ff11427422b64564d5fb0be1940354bfe2e0529b18a9d9b8"
|
||||
|
||||
[[package]]
|
||||
name = "app"
|
||||
version = "0.2.0"
|
||||
name = "argon2"
|
||||
version = "0.5.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "95c2fcf79ad1932ac6269a738109997a83c227c09b75842ae564dc8ede6a861c"
|
||||
dependencies = [
|
||||
"auto-launch",
|
||||
"aws-config",
|
||||
"aws-sdk-sts",
|
||||
"aws-smithy-types",
|
||||
"aws-types",
|
||||
"clap",
|
||||
"dirs 5.0.1",
|
||||
"is-terminal",
|
||||
"netstat2",
|
||||
"once_cell",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"sodiumoxide",
|
||||
"sqlx",
|
||||
"strum",
|
||||
"strum_macros",
|
||||
"sysinfo",
|
||||
"tauri",
|
||||
"tauri-build",
|
||||
"tauri-plugin-single-instance",
|
||||
"thiserror",
|
||||
"tokio",
|
||||
"base64ct",
|
||||
"blake2",
|
||||
"password-hash",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@ -545,12 +538,27 @@ dependencies = [
|
||||
"simd-abstraction",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "base64ct"
|
||||
version = "1.6.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
|
||||
|
||||
[[package]]
|
||||
name = "bitflags"
|
||||
version = "1.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
|
||||
|
||||
[[package]]
|
||||
name = "blake2"
|
||||
version = "0.10.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe"
|
||||
dependencies = [
|
||||
"digest",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "block"
|
||||
version = "0.1.6"
|
||||
@ -727,6 +735,41 @@ version = "1.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
|
||||
|
||||
[[package]]
|
||||
name = "chacha20"
|
||||
version = "0.9.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818"
|
||||
dependencies = [
|
||||
"cfg-if",
|
||||
"cipher",
|
||||
"cpufeatures",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "chacha20poly1305"
|
||||
version = "0.10.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35"
|
||||
dependencies = [
|
||||
"aead",
|
||||
"chacha20",
|
||||
"cipher",
|
||||
"poly1305",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "cipher"
|
||||
version = "0.4.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
|
||||
dependencies = [
|
||||
"crypto-common",
|
||||
"inout",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "clap"
|
||||
version = "3.2.25"
|
||||
@ -902,6 +945,37 @@ dependencies = [
|
||||
"cfg-if",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "creddy"
|
||||
version = "0.2.2"
|
||||
dependencies = [
|
||||
"argon2",
|
||||
"auto-launch",
|
||||
"aws-config",
|
||||
"aws-sdk-sts",
|
||||
"aws-smithy-types",
|
||||
"aws-types",
|
||||
"chacha20poly1305",
|
||||
"clap",
|
||||
"dirs 5.0.1",
|
||||
"gag",
|
||||
"netstat2",
|
||||
"once_cell",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"sodiumoxide",
|
||||
"sqlx",
|
||||
"strum",
|
||||
"strum_macros",
|
||||
"sysinfo",
|
||||
"tauri",
|
||||
"tauri-build",
|
||||
"tauri-plugin-single-instance",
|
||||
"thiserror",
|
||||
"tokio",
|
||||
"windows 0.48.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "crossbeam-channel"
|
||||
version = "0.5.8"
|
||||
@ -962,6 +1036,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
|
||||
dependencies = [
|
||||
"generic-array",
|
||||
"rand_core 0.6.4",
|
||||
"typenum",
|
||||
]
|
||||
|
||||
@ -1273,6 +1348,17 @@ dependencies = [
|
||||
"rustc_version",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "filedescriptor"
|
||||
version = "0.8.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7199d965852c3bac31f779ef99cbb4537f80e952e2d6aa0ffeb30cce00f4f46e"
|
||||
dependencies = [
|
||||
"libc",
|
||||
"thiserror",
|
||||
"winapi",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "filetime"
|
||||
version = "0.2.21"
|
||||
@ -1455,6 +1541,16 @@ dependencies = [
|
||||
"byteorder",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "gag"
|
||||
version = "1.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a713bee13966e9fbffdf7193af71d54a6b35a0bb34997cd6c9519ebeb5005972"
|
||||
dependencies = [
|
||||
"filedescriptor",
|
||||
"tempfile",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "gdk"
|
||||
version = "0.15.4"
|
||||
@ -1996,6 +2092,15 @@ dependencies = [
|
||||
"cfb",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "inout"
|
||||
version = "0.1.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5"
|
||||
dependencies = [
|
||||
"generic-array",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "instant"
|
||||
version = "0.1.12"
|
||||
@ -2016,18 +2121,6 @@ dependencies = [
|
||||
"windows-sys 0.48.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "is-terminal"
|
||||
version = "0.4.7"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "adcf93614601c8129ddf72e2d5633df827ba6551541c6d8c59520a371475be1f"
|
||||
dependencies = [
|
||||
"hermit-abi 0.3.1",
|
||||
"io-lifetimes",
|
||||
"rustix",
|
||||
"windows-sys 0.48.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "itertools"
|
||||
version = "0.10.5"
|
||||
@ -2551,6 +2644,12 @@ version = "1.17.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3"
|
||||
|
||||
[[package]]
|
||||
name = "opaque-debug"
|
||||
version = "0.3.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
|
||||
|
||||
[[package]]
|
||||
name = "openssl-probe"
|
||||
version = "0.1.5"
|
||||
@ -2681,6 +2780,17 @@ dependencies = [
|
||||
"windows-sys 0.45.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "password-hash"
|
||||
version = "0.5.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166"
|
||||
dependencies = [
|
||||
"base64ct",
|
||||
"rand_core 0.6.4",
|
||||
"subtle",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "paste"
|
||||
version = "1.0.12"
|
||||
@ -2872,6 +2982,17 @@ dependencies = [
|
||||
"windows-sys 0.48.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "poly1305"
|
||||
version = "0.8.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf"
|
||||
dependencies = [
|
||||
"cpufeatures",
|
||||
"opaque-debug",
|
||||
"universal-hash",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "ppv-lite86"
|
||||
version = "0.2.17"
|
||||
@ -3898,6 +4019,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "fe7e0f1d535e7cbbbab43c82be4fc992b84f9156c16c160955617e0260ebc449"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"clap",
|
||||
"cocoa",
|
||||
"dirs-next",
|
||||
"embed_plist",
|
||||
@ -4456,6 +4578,16 @@ version = "0.1.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "39ec24b3121d976906ece63c9daad25b85969647682eee313cb5779fdd69e14e"
|
||||
|
||||
[[package]]
|
||||
name = "universal-hash"
|
||||
version = "0.5.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7d3160b73c9a19f7e2939a2fdad446c57c1bbbbf4d919d3213ff1267a580d8b5"
|
||||
dependencies = [
|
||||
"crypto-common",
|
||||
"subtle",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "untrusted"
|
||||
version = "0.7.1"
|
||||
|
||||
@ -1,11 +1,11 @@
|
||||
[package]
|
||||
name = "app"
|
||||
version = "0.2.0"
|
||||
description = "A Tauri App"
|
||||
authors = ["you"]
|
||||
name = "creddy"
|
||||
version = "0.2.2"
|
||||
description = "A friendly AWS credentials manager"
|
||||
authors = ["Joseph Montanaro"]
|
||||
license = ""
|
||||
repository = ""
|
||||
default-run = "app"
|
||||
default-run = "creddy"
|
||||
edition = "2021"
|
||||
rust-version = "1.57"
|
||||
|
||||
@ -17,7 +17,7 @@ tauri-build = { version = "1.0.4", features = [] }
|
||||
[dependencies]
|
||||
serde_json = "1.0"
|
||||
serde = { version = "1.0", features = ["derive"] }
|
||||
tauri = { version = "1.2", features = ["dialog", "os-all", "system-tray"] }
|
||||
tauri = { version = "1.2", features = ["cli", "dialog", "os-all", "system-tray"] }
|
||||
tauri-plugin-single-instance = { git = "https://github.com/tauri-apps/plugins-workspace", branch = "dev" }
|
||||
sodiumoxide = "0.2.7"
|
||||
tokio = { version = ">=1.19", features = ["full"] }
|
||||
@ -35,7 +35,11 @@ strum_macros = "0.24"
|
||||
auto-launch = "0.4.0"
|
||||
dirs = "5.0"
|
||||
clap = { version = "3.2.23", features = ["derive"] }
|
||||
is-terminal = "0.4.7"
|
||||
# is-terminal = "0.4.7"
|
||||
argon2 = { version = "0.5.0", features = ["std"] }
|
||||
chacha20poly1305 = { version = "0.10.1", features = ["std"] }
|
||||
windows = { version = "0.48", features = ["Win32_Foundation", "Win32_System_Console"] }
|
||||
gag = "1.0"
|
||||
|
||||
[features]
|
||||
# by default Tauri runs in production mode
|
||||
|
||||
@ -13,7 +13,6 @@ use tokio::{
|
||||
io::{AsyncReadExt, AsyncWriteExt},
|
||||
};
|
||||
|
||||
|
||||
use crate::app;
|
||||
use crate::config::AppConfig;
|
||||
use crate::credentials::{BaseCredentials, SessionCredentials};
|
||||
@ -23,6 +22,16 @@ use crate::errors::*;
|
||||
pub fn parser() -> Command<'static> {
|
||||
Command::new("creddy")
|
||||
.about("A friendly AWS credentials manager")
|
||||
// we don't want the default help handling because it early-exits,
|
||||
// and on Windows we need to setup the console before we can output
|
||||
.disable_help_flag(true)
|
||||
.arg(
|
||||
Arg::new("help")
|
||||
.short('h')
|
||||
.long("help")
|
||||
.action(ArgAction::SetTrue)
|
||||
.help("Print this message or the help of the given subcommand(s)")
|
||||
)
|
||||
.subcommand(
|
||||
Command::new("run")
|
||||
.about("Launch Creddy")
|
||||
@ -89,7 +98,11 @@ pub fn exec(args: &ArgMatches) -> Result<(), CliError> {
|
||||
}
|
||||
|
||||
#[cfg(unix)]
|
||||
cmd.exec().map_err(|e| ExecError::ExecutionFailed(e))?;
|
||||
{
|
||||
let e = cmd.exec(); // never returns if successful
|
||||
Err(ExecError::ExecutionFailed(e))?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
#[cfg(windows)]
|
||||
{
|
||||
|
||||
@ -2,7 +2,6 @@ use std::net::Ipv4Addr;
|
||||
use std::path::PathBuf;
|
||||
|
||||
use auto_launch::AutoLaunchBuilder;
|
||||
use is_terminal::IsTerminal;
|
||||
use serde::{Serialize, Deserialize};
|
||||
use sqlx::SqlitePool;
|
||||
|
||||
@ -96,7 +95,7 @@ pub fn get_or_create_db_path() -> Result<PathBuf, DataDirError> {
|
||||
path.push("Creddy");
|
||||
|
||||
std::fs::create_dir_all(&path)?;
|
||||
if cfg!(debug_assertions) && std::io::stdout().is_terminal() {
|
||||
if cfg!(debug_assertions) {
|
||||
path.push("creddy.dev.db");
|
||||
}
|
||||
else {
|
||||
|
||||
@ -1,7 +1,25 @@
|
||||
use std::fmt::{self, Formatter};
|
||||
use std::time::{SystemTime, UNIX_EPOCH};
|
||||
|
||||
use aws_smithy_types::date_time::{DateTime, Format};
|
||||
use aws_smithy_types::date_time::{DateTime, Format};
|
||||
use argon2::{
|
||||
Argon2,
|
||||
Algorithm,
|
||||
Version,
|
||||
ParamsBuilder,
|
||||
password_hash::rand_core::{RngCore, OsRng},
|
||||
};
|
||||
use chacha20poly1305::{
|
||||
XChaCha20Poly1305,
|
||||
XNonce,
|
||||
aead::{
|
||||
Aead,
|
||||
AeadCore,
|
||||
KeyInit,
|
||||
Error as AeadError,
|
||||
generic_array::GenericArray,
|
||||
},
|
||||
};
|
||||
use serde::{
|
||||
Serialize,
|
||||
Deserialize,
|
||||
@ -10,12 +28,7 @@ use serde::{
|
||||
};
|
||||
use serde::de::{self, Visitor};
|
||||
use sqlx::SqlitePool;
|
||||
use sodiumoxide::crypto::{
|
||||
pwhash,
|
||||
pwhash::Salt,
|
||||
secretbox,
|
||||
secretbox::{Nonce, Key}
|
||||
};
|
||||
|
||||
|
||||
use crate::errors::*;
|
||||
|
||||
@ -40,18 +53,17 @@ impl Session {
|
||||
None => {return Ok(Session::Empty);}
|
||||
};
|
||||
|
||||
let salt_buf: [u8; 32] = row.salt
|
||||
.try_into()
|
||||
.map_err(|_e| SetupError::InvalidRecord)?;
|
||||
let nonce_buf: [u8; 24] = row.nonce
|
||||
let salt: [u8; 32] = row.salt
|
||||
.try_into()
|
||||
.map_err(|_e| SetupError::InvalidRecord)?;
|
||||
let nonce = XNonce::from_exact_iter(row.nonce.into_iter())
|
||||
.ok_or(SetupError::InvalidRecord)?;
|
||||
|
||||
let creds = LockedCredentials {
|
||||
access_key_id: row.access_key_id,
|
||||
secret_key_enc: row.secret_key_enc,
|
||||
salt: Salt(salt_buf),
|
||||
nonce: Nonce(nonce_buf),
|
||||
salt,
|
||||
nonce,
|
||||
};
|
||||
Ok(Session::Locked(creds))
|
||||
}
|
||||
@ -76,8 +88,8 @@ impl Session {
|
||||
pub struct LockedCredentials {
|
||||
pub access_key_id: String,
|
||||
pub secret_key_enc: Vec<u8>,
|
||||
pub salt: Salt,
|
||||
pub nonce: Nonce,
|
||||
pub salt: [u8; 32],
|
||||
pub nonce: XNonce,
|
||||
}
|
||||
|
||||
impl LockedCredentials {
|
||||
@ -88,8 +100,8 @@ impl LockedCredentials {
|
||||
)
|
||||
.bind(&self.access_key_id)
|
||||
.bind(&self.secret_key_enc)
|
||||
.bind(&self.salt.0[0..])
|
||||
.bind(&self.nonce.0[0..])
|
||||
.bind(&self.salt[..])
|
||||
.bind(&self.nonce[..])
|
||||
.execute(pool)
|
||||
.await?;
|
||||
|
||||
@ -97,11 +109,10 @@ impl LockedCredentials {
|
||||
}
|
||||
|
||||
pub fn decrypt(&self, passphrase: &str) -> Result<BaseCredentials, UnlockError> {
|
||||
let mut key_buf = [0; secretbox::KEYBYTES];
|
||||
// pretty sure this only fails if we're out of memory
|
||||
pwhash::derive_key_interactive(&mut key_buf, passphrase.as_bytes(), &self.salt).unwrap();
|
||||
let decrypted = secretbox::open(&self.secret_key_enc, &self.nonce, &Key(key_buf))
|
||||
.map_err(|_| UnlockError::BadPassphrase)?;
|
||||
let crypto = Crypto::new(passphrase, &self.salt)
|
||||
.map_err(|e| CryptoError::Argon2(e))?;
|
||||
let decrypted = crypto.decrypt(&self.nonce, &self.secret_key_enc)
|
||||
.map_err(|e| CryptoError::Aead(e))?;
|
||||
let secret_access_key = String::from_utf8(decrypted)
|
||||
.map_err(|_| UnlockError::InvalidUtf8)?;
|
||||
|
||||
@ -122,21 +133,18 @@ pub struct BaseCredentials {
|
||||
}
|
||||
|
||||
impl BaseCredentials {
|
||||
pub fn encrypt(&self, passphrase: &str) -> LockedCredentials {
|
||||
let salt = pwhash::gen_salt();
|
||||
let mut key_buf = [0; secretbox::KEYBYTES];
|
||||
pwhash::derive_key_interactive(&mut key_buf, passphrase.as_bytes(), &salt).unwrap();
|
||||
let key = Key(key_buf);
|
||||
let nonce = secretbox::gen_nonce();
|
||||
pub fn encrypt(&self, passphrase: &str) -> Result<LockedCredentials, CryptoError> {
|
||||
let salt = Crypto::salt();
|
||||
let crypto = Crypto::new(passphrase, &salt)?;
|
||||
let (nonce, secret_key_enc) = crypto.encrypt(self.secret_access_key.as_bytes())?;
|
||||
|
||||
let secret_key_enc = secretbox::seal(self.secret_access_key.as_bytes(), &nonce, &key);
|
||||
|
||||
LockedCredentials {
|
||||
let locked = LockedCredentials {
|
||||
access_key_id: self.access_key_id.clone(),
|
||||
secret_key_enc,
|
||||
salt,
|
||||
nonce,
|
||||
}
|
||||
};
|
||||
Ok(locked)
|
||||
}
|
||||
}
|
||||
|
||||
@ -241,4 +249,73 @@ fn deserialize_expiration<'de, D>(deserializer: D) -> Result<DateTime, D::Error>
|
||||
where D: Deserializer<'de>
|
||||
{
|
||||
deserializer.deserialize_str(DateTimeVisitor)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
struct Crypto {
|
||||
cipher: XChaCha20Poly1305,
|
||||
}
|
||||
|
||||
impl Crypto {
|
||||
/// Argon2 params rationale:
|
||||
///
|
||||
/// m_cost is measured in KiB, so 128 * 1024 gives us 128MiB.
|
||||
/// This should roughly double the memory usage of the application
|
||||
/// while deriving the key.
|
||||
///
|
||||
/// p_cost is irrelevant since (at present) there isn't any parallelism
|
||||
/// implemented, so we leave it at 1.
|
||||
///
|
||||
/// With the above m_cost, t_cost = 8 results in about 800ms to derive
|
||||
/// a key on my (somewhat older) CPU. This is probably overkill, but
|
||||
/// given that it should only have to happen ~once a day for most
|
||||
/// usage, it should be acceptable.
|
||||
#[cfg(not(debug_assertions))]
|
||||
const MEM_COST: u32 = 128 * 1024;
|
||||
#[cfg(not(debug_assertions))]
|
||||
const TIME_COST: u32 = 8;
|
||||
|
||||
/// But since this takes a million years without optimizations,
|
||||
/// we turn it way down in debug builds.
|
||||
#[cfg(debug_assertions)]
|
||||
const MEM_COST: u32 = 48 * 1024;
|
||||
#[cfg(debug_assertions)]
|
||||
const TIME_COST: u32 = 1;
|
||||
|
||||
|
||||
fn new(passphrase: &str, salt: &[u8]) -> argon2::Result<Crypto> {
|
||||
let params = ParamsBuilder::new()
|
||||
.m_cost(Self::MEM_COST)
|
||||
.p_cost(1)
|
||||
.t_cost(Self::TIME_COST)
|
||||
.build()
|
||||
.unwrap(); // only errors if the given params are invalid
|
||||
|
||||
let hasher = Argon2::new(
|
||||
Algorithm::Argon2id,
|
||||
Version::V0x13,
|
||||
params,
|
||||
);
|
||||
|
||||
let mut key = [0; 32];
|
||||
hasher.hash_password_into(passphrase.as_bytes(), &salt, &mut key)?;
|
||||
let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key));
|
||||
Ok(Crypto { cipher })
|
||||
}
|
||||
|
||||
fn salt() -> [u8; 32] {
|
||||
let mut salt = [0; 32];
|
||||
OsRng.fill_bytes(&mut salt);
|
||||
salt
|
||||
}
|
||||
|
||||
fn encrypt(&self, data: &[u8]) -> Result<(XNonce, Vec<u8>), AeadError> {
|
||||
let nonce = XChaCha20Poly1305::generate_nonce(&mut OsRng);
|
||||
let ciphertext = self.cipher.encrypt(&nonce, data)?;
|
||||
Ok((nonce, ciphertext))
|
||||
}
|
||||
|
||||
fn decrypt(&self, nonce: &XNonce, data: &[u8]) -> Result<Vec<u8>, AeadError> {
|
||||
self.cipher.decrypt(nonce, data)
|
||||
}
|
||||
}
|
||||
|
||||
@ -164,8 +164,8 @@ pub enum UnlockError {
|
||||
NotLocked,
|
||||
#[error("No saved credentials were found")]
|
||||
NoCredentials,
|
||||
#[error("Invalid passphrase")]
|
||||
BadPassphrase,
|
||||
#[error(transparent)]
|
||||
Crypto(#[from] CryptoError),
|
||||
#[error("Data was found to be corrupt after decryption")]
|
||||
InvalidUtf8, // Somehow we got invalid utf-8 even though decryption succeeded
|
||||
#[error("Database error: {0}")]
|
||||
@ -175,6 +175,15 @@ pub enum UnlockError {
|
||||
}
|
||||
|
||||
|
||||
#[derive(Debug, ThisError, AsRefStr)]
|
||||
pub enum CryptoError {
|
||||
#[error(transparent)]
|
||||
Argon2(#[from] argon2::Error),
|
||||
#[error("Invalid passphrase")] // I think this is the only way decryption fails
|
||||
Aead(#[from] chacha20poly1305::aead::Error),
|
||||
}
|
||||
|
||||
|
||||
// Errors encountered while trying to figure out who's on the other end of a request
|
||||
#[derive(Debug, ThisError, AsRefStr)]
|
||||
pub enum ClientInfoError {
|
||||
|
||||
@ -3,6 +3,20 @@
|
||||
windows_subsystem = "windows"
|
||||
)]
|
||||
|
||||
#[cfg(windows)]
|
||||
use {
|
||||
std::fs::File,
|
||||
std::os::windows::io::FromRawHandle,
|
||||
std::os::raw::c_void,
|
||||
gag::Redirect,
|
||||
windows::Win32::System::Console::{
|
||||
AllocConsole,
|
||||
AttachConsole,
|
||||
GetStdHandle,
|
||||
STD_OUTPUT_HANDLE,
|
||||
STD_ERROR_HANDLE,
|
||||
}
|
||||
};
|
||||
|
||||
mod app;
|
||||
mod cli;
|
||||
@ -15,18 +29,40 @@ mod state;
|
||||
mod server;
|
||||
mod tray;
|
||||
|
||||
|
||||
use crate::errors::ErrorPopup;
|
||||
|
||||
|
||||
use std::io::Write;
|
||||
fn main() {
|
||||
let res = match cli::parser().get_matches().subcommand() {
|
||||
None | Some(("run", _)) => {
|
||||
let args = cli::parser().get_matches();
|
||||
let help = matches!(args.get_one::<bool>("help"), Some(true));
|
||||
|
||||
// This is the only case that doesn't need a console
|
||||
if let None | Some(("run", _)) = args.subcommand() {
|
||||
if !help {
|
||||
app::run().error_popup("Creddy failed to start");
|
||||
Ok(())
|
||||
},
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
// on Windows, need to do the whole allocate-a-console thing
|
||||
#[cfg(windows)]
|
||||
attach_console();
|
||||
// let (out, err) = setup_console();
|
||||
println!("Testing stdout");
|
||||
// writeln!(&mut out, "Testing allocated file");
|
||||
|
||||
if help {
|
||||
// if we can't print help, we can't print an error, so just panic
|
||||
dbg!(args.get_one::<bool>("help"));
|
||||
cli::parser().print_help().unwrap();
|
||||
std::thread::sleep(std::time::Duration::from_secs(3));
|
||||
return;
|
||||
}
|
||||
|
||||
let res = match args.subcommand() {
|
||||
Some(("show", m)) => cli::show(m),
|
||||
Some(("exec", m)) => cli::exec(m),
|
||||
// clap ensures that subcommand is either None or run/show/exec
|
||||
_ => unreachable!(),
|
||||
};
|
||||
|
||||
@ -34,3 +70,43 @@ fn main() {
|
||||
eprintln!("Error: {e}");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
fn attach_console() {
|
||||
unsafe { AttachConsole(u32::MAX); }
|
||||
}
|
||||
|
||||
|
||||
|
||||
fn setup_console() -> (Redirect<File>, Redirect<File>) {
|
||||
let (mut stdout, stderr) = unsafe {
|
||||
AllocConsole();
|
||||
// if we can't get handles to stdout/err, we can't display these errors,
|
||||
// so there's no point in doing anything other than panicking
|
||||
let stdout_handle = GetStdHandle(STD_OUTPUT_HANDLE).unwrap();
|
||||
let stderr_handle = GetStdHandle(STD_ERROR_HANDLE).unwrap();
|
||||
|
||||
let mut f = File::create("C:\\Users\\Joe\\Downloads\\debug.txt").unwrap();
|
||||
writeln!(&mut f, "{stdout_handle:?}\n{:?}", stdout_handle.0 as *mut c_void).unwrap();
|
||||
|
||||
(
|
||||
File::from_raw_handle(stdout_handle.0 as *mut c_void),
|
||||
File::from_raw_handle(stderr_handle.0 as *mut c_void),
|
||||
)
|
||||
};
|
||||
|
||||
writeln!(&mut stdout, "Testing stdout before redirect")
|
||||
.map_err(|e| log_err(e))
|
||||
.unwrap();
|
||||
|
||||
(
|
||||
Redirect::stdout(stdout).unwrap(),
|
||||
Redirect::stderr(stderr).unwrap()
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
fn log_err(e: impl std::error::Error) {
|
||||
let mut f = File::create("C:\\Users\\Joe\\Downloads\\log.txt").unwrap();
|
||||
writeln!(&mut f, "{e}").unwrap();
|
||||
}
|
||||
|
||||
@ -48,7 +48,7 @@ impl AppState {
|
||||
}
|
||||
|
||||
pub async fn new_creds(&self, base_creds: BaseCredentials, passphrase: &str) -> Result<(), UnlockError> {
|
||||
let locked = base_creds.encrypt(passphrase);
|
||||
let locked = base_creds.encrypt(passphrase)?;
|
||||
// do this first so that if it fails we don't save bad credentials
|
||||
self.new_session(base_creds).await?;
|
||||
locked.save(&self.pool).await?;
|
||||
|
||||
@ -7,8 +7,8 @@
|
||||
"distDir": "../dist"
|
||||
},
|
||||
"package": {
|
||||
"productName": "creddy",
|
||||
"version": "0.2.0"
|
||||
"productName": "Creddy",
|
||||
"version": "0.2.2"
|
||||
},
|
||||
"tauri": {
|
||||
"allowlist": {
|
||||
@ -47,6 +47,14 @@
|
||||
"timestampUrl": ""
|
||||
}
|
||||
},
|
||||
"cli": {
|
||||
"description": "A friendly AWS credentials manager",
|
||||
"subcommands": {
|
||||
"run": {
|
||||
"description": "Launch Creddy"
|
||||
}
|
||||
}
|
||||
},
|
||||
"security": {
|
||||
"csp": {
|
||||
"default-src": ["'self'"],
|
||||
|
||||
@ -15,7 +15,6 @@ invoke('get_config').then(config => $appState.config = config);
|
||||
listen('credentials-request', (tauriEvent) => {
|
||||
$appState.pendingRequests.put(tauriEvent.payload);
|
||||
});
|
||||
window.state = $appState;
|
||||
|
||||
acceptRequest();
|
||||
</script>
|
||||
|
||||
113
src/ui/Spinner.svelte
Normal file
113
src/ui/Spinner.svelte
Normal file
@ -0,0 +1,113 @@
|
||||
<script>
|
||||
export let color = 'base-content';
|
||||
export let thickness = '2px';
|
||||
let classes = '';
|
||||
export { classes as class };
|
||||
|
||||
const colorVars = {
|
||||
'primary': 'p',
|
||||
'primary-focus': 'pf',
|
||||
'primary-content': 'pc',
|
||||
'secondary': 's',
|
||||
'secondary-focus': 'sf',
|
||||
'secondary-content': 'sc',
|
||||
'accent': 'a',
|
||||
'accent-focus': 'af',
|
||||
'accent-content': 'ac',
|
||||
'neutral': 'n',
|
||||
'neutral-focus': 'nf',
|
||||
'neutral-content': 'nc',
|
||||
'base-100': 'b1',
|
||||
'base-200': 'b2',
|
||||
'base-300': 'b3',
|
||||
'base-content': 'bc',
|
||||
'info': 'in',
|
||||
'info-content': 'inc',
|
||||
'success': 'su',
|
||||
'success-content': 'suc',
|
||||
'warning': 'wa',
|
||||
'warning-content': 'wac',
|
||||
'error': 'er',
|
||||
'error-content': 'erc',
|
||||
}
|
||||
|
||||
let arcStyle = `border-width: ${thickness};`;
|
||||
arcStyle += `border-color: hsl(var(--${colorVars[color]})) transparent transparent transparent;`;
|
||||
</script>
|
||||
|
||||
<style>
|
||||
#spinner {
|
||||
position: relative;
|
||||
|
||||
animation: spin;
|
||||
animation-duration: 1.5s;
|
||||
animation-iteration-count: infinite;
|
||||
animation-timing-function: linear;
|
||||
}
|
||||
|
||||
@keyframes spin {
|
||||
50% { transform: rotate(225deg); }
|
||||
100% { transform: rotate(360deg); }
|
||||
}
|
||||
|
||||
.arc {
|
||||
position: absolute;
|
||||
top: 0;
|
||||
left: 0;
|
||||
border-radius: 9999px;
|
||||
}
|
||||
|
||||
.arc-top {
|
||||
transform: rotate(-45deg);
|
||||
}
|
||||
|
||||
.arc-right {
|
||||
animation: spin-right;
|
||||
animation-duration: 3s;
|
||||
animation-iteration-count: infinite;
|
||||
}
|
||||
|
||||
.arc-bottom {
|
||||
animation: spin-bottom;
|
||||
animation-duration: 3s;
|
||||
animation-iteration-count: infinite;
|
||||
}
|
||||
|
||||
.arc-left {
|
||||
animation: spin-left;
|
||||
animation-duration: 3s;
|
||||
animation-iteration-count: infinite;
|
||||
}
|
||||
|
||||
@keyframes spin-top {
|
||||
0% { transform: rotate(-45deg); }
|
||||
50% { transform: rotate(315deg); }
|
||||
100% { transform: rotate(-45deg); }
|
||||
}
|
||||
|
||||
@keyframes spin-right {
|
||||
0% { transform: rotate(45deg); }
|
||||
50% { transform: rotate(315deg); }
|
||||
100% { transform: rotate(405deg); }
|
||||
}
|
||||
|
||||
@keyframes spin-bottom {
|
||||
0% { transform: rotate(135deg); }
|
||||
50% { transform: rotate(315deg); }
|
||||
100% { transform: rotate(495deg); }
|
||||
}
|
||||
|
||||
@keyframes spin-left {
|
||||
0% { transform: rotate(225deg); }
|
||||
50% { transform: rotate(315deg); }
|
||||
100% { transform: rotate(585deg); }
|
||||
}
|
||||
</style>
|
||||
|
||||
|
||||
<div id="spinner" class="w-6 h-6 {classes}">
|
||||
<div class="arc arc-top w-full h-full" style={arcStyle}></div>
|
||||
<div class="arc arc-right w-full h-full" style={arcStyle}></div>
|
||||
<div class="arc arc-bottom w-full h-full" style={arcStyle}></div>
|
||||
<div class="arc arc-left w-full h-full" style={arcStyle}></div>
|
||||
</div>
|
||||
@ -7,6 +7,7 @@
|
||||
import { navigate } from '../lib/routing.js';
|
||||
import Link from '../ui/Link.svelte';
|
||||
import ErrorAlert from '../ui/ErrorAlert.svelte';
|
||||
import Spinner from '../ui/Spinner.svelte';
|
||||
|
||||
|
||||
let errorMsg = null;
|
||||
@ -19,6 +20,7 @@
|
||||
}
|
||||
}
|
||||
|
||||
let saving = false;
|
||||
async function save() {
|
||||
if (passphrase !== confirmPassphrase) {
|
||||
alert.shake();
|
||||
@ -27,6 +29,7 @@
|
||||
|
||||
let credentials = {AccessKeyId, SecretAccessKey};
|
||||
try {
|
||||
saving = true;
|
||||
await invoke('save_credentials', {credentials, passphrase});
|
||||
if ($appState.currentRequest) {
|
||||
navigate('Approve');
|
||||
@ -47,6 +50,8 @@
|
||||
if (alert) {
|
||||
alert.shake();
|
||||
}
|
||||
|
||||
saving = false;
|
||||
}
|
||||
}
|
||||
</script>
|
||||
@ -65,7 +70,13 @@
|
||||
<input type="password" placeholder="Passphrase" bind:value="{passphrase}" class="input input-bordered" />
|
||||
<input type="password" placeholder="Re-enter passphrase" bind:value={confirmPassphrase} class="input input-bordered" on:change={confirm} />
|
||||
|
||||
<input type="submit" class="btn btn-primary" />
|
||||
<button type="submit" class="btn btn-primary">
|
||||
{#if saving}
|
||||
<Spinner class="w-5 h-5" color="primary-content" thickness="2px"/>
|
||||
{:else}
|
||||
Submit
|
||||
{/if}
|
||||
</button>
|
||||
<Link target="Home" hotkey="Escape">
|
||||
<button class="btn btn-sm btn-outline w-full">Cancel</button>
|
||||
</Link>
|
||||
|
||||
@ -7,12 +7,14 @@
|
||||
import { getRootCause } from '../lib/errors.js';
|
||||
import ErrorAlert from '../ui/ErrorAlert.svelte';
|
||||
import Link from '../ui/Link.svelte';
|
||||
import Spinner from '../ui/Spinner.svelte';
|
||||
|
||||
|
||||
let errorMsg = null;
|
||||
let alert;
|
||||
let passphrase = '';
|
||||
let loadTime = 0;
|
||||
let saving = false;
|
||||
async function unlock() {
|
||||
// The hotkey for navigating here from homepage is Enter, which also
|
||||
// happens to trigger the form submit event
|
||||
@ -21,6 +23,7 @@
|
||||
}
|
||||
|
||||
try {
|
||||
saving = true;
|
||||
let r = await invoke('unlock', {passphrase});
|
||||
$appState.credentialStatus = 'unlocked';
|
||||
if ($appState.currentRequest) {
|
||||
@ -43,6 +46,8 @@
|
||||
if (alert) {
|
||||
alert.shake();
|
||||
}
|
||||
|
||||
saving = true;
|
||||
}
|
||||
}
|
||||
|
||||
@ -62,7 +67,14 @@
|
||||
<!-- svelte-ignore a11y-autofocus -->
|
||||
<input autofocus name="password" type="password" placeholder="correct horse battery staple" bind:value="{passphrase}" class="input input-bordered" />
|
||||
|
||||
<input type="submit" class="btn btn-primary" />
|
||||
<button type="submit" class="btn btn-primary">
|
||||
{#if saving}
|
||||
<Spinner class="w-5 h-5" color="primary-content" thickness="2px"/>
|
||||
{:else}
|
||||
Submit
|
||||
{/if}
|
||||
</button>
|
||||
|
||||
<Link target="Home" hotkey="Escape">
|
||||
<button class="btn btn-outline btn-sm w-full">Cancel</button>
|
||||
</Link>
|
||||
|
||||
Reference in New Issue
Block a user