hatter/tiny-encrypt-rs
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: v1.7.2, support store secret to not default keychain

Browse Source
This commit is contained in:
Hatter Jiang
2023-12-30 11:50:46 +08:00
parent 3ce150db72
commit 2e53130ead
4 changed files with 68 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/cmd_initkeychain.rs
View File

@@ -55,7 +55,7 @@ pub fn keychain_key_se(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
return simple_error!("Secure enclave is not supported.");
}
let keychain_name = cmd_init_keychain.keychain_name.as_ref().map(String::as_str).unwrap_or("");
let keychain_name = cmd_init_keychain.keychain_name.as_deref().unwrap_or("");
let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME);
let key_name = &cmd_init_keychain.key_name;
@@ -85,7 +85,7 @@ pub fn keychain_key_se(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
}
pub fn keychain_key_static(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
let keychain_name = cmd_init_keychain.keychain_name.as_ref().map(String::as_str).unwrap_or("");
let keychain_name = cmd_init_keychain.keychain_name.as_deref().unwrap_or("");
let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME);
let key_name = &cmd_init_keychain.key_name;
let keychain_key = KeychainKey::from(keychain_name, service_name, key_name);

48
src/util_keychainstatic.rs
View File

@@ -1,8 +1,10 @@
use std::path::PathBuf;
use pqcrypto_kyber::kyber1024;
use pqcrypto_kyber::kyber1024::Ciphertext as Kyber1024Ciphertext;
use pqcrypto_kyber::kyber1024::PublicKey as Kyber1024PublicKey;
use pqcrypto_kyber::kyber1024::SecretKey as Kyber1024SecretKey;
use rust_util::{debugging, opt_result, opt_value_result, simple_error, XResult};
use rust_util::{debugging, opt_result, opt_value_result, simple_error, util_file, XResult};
use security_framework::os::macos::keychain::{CreateOptions, SecKeychain};
use x25519_dalek::{PublicKey, StaticSecret};
use zeroize::Zeroize;
@@ -202,15 +204,18 @@ impl KeychainKey {
fn get_keychain(&self) -> XResult<SecKeychain> {
if !self.keychain_name.is_empty() {
// TODO --keychain-name test failed
debugging!("Open or create keychain: {}", &self.keychain_name);
let keychain_path = format!("{}.keychain", &self.keychain_name);
debugging!("Keychain path: {}", &keychain_path);
match SecKeychain::open(&keychain_path) {
Ok(sec_keychain) => Ok(sec_keychain),
Err(e) => match CreateOptions::new().prompt_user(true).create(&keychain_path) {
let keychain_file_name = format!("{}.keychain", &self.keychain_name);
debugging!("Open or create keychain: {}", &keychain_file_name);
let keychain_exists = check_keychain_exists(&keychain_file_name);
if keychain_exists {
Ok(opt_result!(SecKeychain::open(&keychain_file_name), "Open keychain: {}, failed: {}", &keychain_file_name))
} else {
match CreateOptions::new().prompt_user(true).create(&keychain_file_name) {
Ok(sec_keychain) => Ok(sec_keychain),
Err(ce) => simple_error!("Open keychain: {}, failed: {}, create also failed: {}", &self.keychain_name, e, ce)
Err(ce) => match SecKeychain::open(&keychain_file_name) {
Ok(sec_keychain) => Ok(sec_keychain),
Err(oe) => simple_error!("Create keychain: {}, failed: {}, open also failed: {}", &self.keychain_name, ce, oe)
}
}
}
} else {
@@ -261,4 +266,29 @@ pub fn generate_static_kyber1024_secret() -> (String, Kyber1024PublicKey) {
let kyber1024_static_secret =
KeychainStaticSecret::from_kyber1024_bytes(static_secret_bytes, static_public_bytes);
(kyber1024_static_secret.to_str(), public_key)
}
fn check_keychain_exists(keychain_file_name: &str) -> bool {
let keychain_path = PathBuf::from(util_file::resolve_file_path("~/Library/Keychains/"));
match keychain_path.read_dir() {
Ok(read_dir) => {
for dir in read_dir {
match dir {
Ok(dir) => if let Some(file_name) = dir.file_name().to_str() {
if file_name.starts_with(keychain_file_name) {
debugging!("Found key chain file: {:?}", dir);
return true;
}
}
Err(e) => {
debugging!("Read path sub dir: {:?} failed: {}", keychain_path, e);
}
}
}
}
Err(e) => {
debugging!("Read path: {:?} failed: {}", keychain_path, e);
}
}
false
}