Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
12e2d63da8
|
|||
|
31c71c7c51
|
|||
|
141f048d13
|
|||
|
0ba80e7314
|
|||
|
338f8f6729
|
|||
|
0202fe3162
|
@@ -1,4 +1,5 @@
|
||||
.*
|
||||
target/rls
|
||||
target/*/deps
|
||||
target/*/build
|
||||
target/*/.fingerprint
|
||||
|
||||
@@ -3,8 +3,9 @@ name: default
|
||||
|
||||
steps:
|
||||
- name: build
|
||||
image: rust:1.37.0
|
||||
image: rust:1.37.0-buster
|
||||
commands:
|
||||
- apt update && apt install git clang make pkg-config nettle-dev libssl-dev capnproto libsqlite3-dev -y
|
||||
- cargo test
|
||||
- rustup target add x86_64-unknown-linux-musl
|
||||
- cargo build --release --target x86_64-unknown-linux-musl
|
||||
|
||||
1103
Cargo.lock
generated
1103
Cargo.lock
generated
File diff suppressed because it is too large
Load Diff
@@ -16,3 +16,8 @@ rand = "0.4.2"
|
||||
|
||||
byteorder = "1.3.2"
|
||||
chrono = "0.4.9"
|
||||
sequoia-openpgp = "0.9.0"
|
||||
lazy_static = "1.4.0"
|
||||
c2-chacha = "0.2.2"
|
||||
sha2 = "0.8.0"
|
||||
hex = "0.3.2"
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
FROM scratch
|
||||
FROM debian:buster-slim
|
||||
|
||||
VOLUME /snips
|
||||
|
||||
EXPOSE 3000
|
||||
|
||||
COPY target/x86_64-unknown-linux-musl/release/brownpaper /bin/
|
||||
COPY target/release/brownpaper /bin/
|
||||
|
||||
ENTRYPOINT [ "/bin/brownpaper" ]
|
||||
ENTRYPOINT [ "/bin/brownpaper" ]
|
||||
|
||||
45
src/chacha_io.rs
Normal file
45
src/chacha_io.rs
Normal file
@@ -0,0 +1,45 @@
|
||||
use c2_chacha::stream_cipher::{NewStreamCipher, SyncStreamCipher, SyncStreamCipherSeek};
|
||||
use c2_chacha::{ChaCha12, ChaCha20};
|
||||
use std::convert::TryInto;
|
||||
use std::io::{Read, Result, Write};
|
||||
|
||||
pub struct ChaChaReader<'a>(ChaCha20, &'a mut Read);
|
||||
|
||||
impl<'a> ChaChaReader<'a> {
|
||||
pub fn new(key: &[u8], nonce: &[u8], source: &'a mut Read) -> ChaChaReader<'a> {
|
||||
ChaChaReader(ChaCha20::new_var(key, nonce).unwrap(), source)
|
||||
}
|
||||
}
|
||||
|
||||
impl<'a> Read for ChaChaReader<'a> {
|
||||
fn read(&mut self, buf: &mut [u8]) -> Result<usize> {
|
||||
let red = self.1.read(buf)?;
|
||||
self.0.apply_keystream(buf);
|
||||
Ok(red)
|
||||
}
|
||||
}
|
||||
|
||||
pub struct ChaChaWriter<'a>(ChaCha20, &'a mut Write);
|
||||
|
||||
impl<'a> ChaChaWriter<'a> {
|
||||
pub fn new(key: &[u8], nonce: &[u8], sink: &'a mut Write) -> ChaChaWriter<'a> {
|
||||
ChaChaWriter(ChaCha20::new_var(key, nonce).unwrap(), sink)
|
||||
}
|
||||
}
|
||||
|
||||
impl<'a> Write for ChaChaWriter<'a> {
|
||||
fn write(&mut self, buf: &[u8]) -> Result<usize> {
|
||||
let mut cipher_text = [0u8; 256];
|
||||
let mut written = 0usize;
|
||||
for chunk in buf.chunks(cipher_text.len()) {
|
||||
cipher_text[0..chunk.len()].copy_from_slice(&chunk);
|
||||
self.0.apply_keystream(&mut cipher_text[0..chunk.len()]);
|
||||
written += self.1.write(&cipher_text[0..chunk.len()])?;
|
||||
}
|
||||
Ok(written)
|
||||
}
|
||||
|
||||
fn flush(&mut self) -> Result<()> {
|
||||
self.1.flush()
|
||||
}
|
||||
}
|
||||
80
src/main.rs
80
src/main.rs
@@ -1,21 +1,34 @@
|
||||
#[macro_use]
|
||||
extern crate lazy_static;
|
||||
extern crate chrono;
|
||||
extern crate iron;
|
||||
extern crate rand;
|
||||
extern crate sequoia_openpgp as openpgp;
|
||||
extern crate snap;
|
||||
|
||||
mod chacha_io;
|
||||
mod pgp;
|
||||
|
||||
use crate::pgp::KnownKeys;
|
||||
use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt};
|
||||
use chacha_io::{ChaChaReader, ChaChaWriter};
|
||||
use chrono::*;
|
||||
use core::cell::RefCell;
|
||||
use iron::method::Method;
|
||||
use iron::modifiers::Redirect;
|
||||
use iron::prelude::*;
|
||||
use iron::url::Url;
|
||||
use rand::Rng;
|
||||
use sha2::{Digest, Sha256};
|
||||
use std::borrow::BorrowMut;
|
||||
use std::convert::TryInto;
|
||||
use std::fs;
|
||||
use std::fs::File;
|
||||
use std::io;
|
||||
use std::io::prelude::*;
|
||||
use std::iter::Iterator;
|
||||
use std::path::{Path, PathBuf};
|
||||
use std::sync::Mutex;
|
||||
|
||||
struct Snippet<'a> {
|
||||
id: String,
|
||||
@@ -37,7 +50,7 @@ impl<'a> Snippet<'a> {
|
||||
Snippet::new(
|
||||
&rand::thread_rng()
|
||||
.gen_ascii_chars()
|
||||
.take(6)
|
||||
.take(8)
|
||||
.collect::<String>(),
|
||||
storage,
|
||||
)
|
||||
@@ -50,13 +63,30 @@ impl<'a> Snippet<'a> {
|
||||
}
|
||||
}
|
||||
|
||||
pub fn file_id(&self) -> String {
|
||||
SnippetStorage::file_id(&self.id)
|
||||
}
|
||||
|
||||
pub fn passphrase(&self) -> ([u8; 8], [u8; 32]) {
|
||||
let mut hasher = Sha256::new();
|
||||
hasher.input(self.id.as_bytes());
|
||||
let res = hasher.result();
|
||||
let nonce: [u8; 8] = res[0..8].try_into().unwrap();
|
||||
let mut hasher = Sha256::new();
|
||||
hasher.input(self.id.as_bytes());
|
||||
hasher.input(b"pass");
|
||||
let pass: [u8; 32] = res[0..32].try_into().unwrap();
|
||||
(nonce, pass)
|
||||
}
|
||||
|
||||
pub fn path(&self) -> PathBuf {
|
||||
self.storage.directory.join(&self.id)
|
||||
self.storage.directory.join(&self.file_id())
|
||||
}
|
||||
|
||||
pub fn metadata(&self) -> Result<SnippetMeta, io::Error> {
|
||||
let mut file = File::open(self.path())?;
|
||||
self.metadata_via_handle(&mut file)
|
||||
let (nonce, key) = self.passphrase();
|
||||
self.metadata_via_handle(&mut ChaChaReader::new(&key, &nonce, &mut file))
|
||||
}
|
||||
|
||||
fn metadata_via_handle(&self, hdl: &mut impl Read) -> Result<SnippetMeta, io::Error> {
|
||||
@@ -74,38 +104,42 @@ impl<'a> Snippet<'a> {
|
||||
|
||||
fn contents(&self) -> Result<String, io::Error> {
|
||||
let mut file = File::open(self.path())?;
|
||||
let meta = self.metadata_via_handle(&mut file)?;
|
||||
let (nonce, key) = self.passphrase();
|
||||
let mut reader = ChaChaReader::new(&key, &nonce, &mut file);
|
||||
let meta = self.metadata_via_handle(&mut reader)?;
|
||||
fn read_string(r: &mut impl Read) -> Result<String, io::Error> {
|
||||
let mut text = String::new();
|
||||
r.read_to_string(&mut text)?;
|
||||
Ok(text)
|
||||
}
|
||||
dbg!((&meta.compression, &meta.created));
|
||||
dbg!((&meta.compression, &meta.created, self.file_id()));
|
||||
match meta.compression {
|
||||
Some(ref comp) if comp == "snap" => {
|
||||
let mut r = snap::Reader::new(&mut file);
|
||||
let mut r = snap::Reader::new(&mut reader);
|
||||
read_string(&mut r)
|
||||
}
|
||||
_ => read_string(&mut file),
|
||||
_ => read_string(&mut reader),
|
||||
}
|
||||
}
|
||||
|
||||
fn write(self, content: &str) -> Result<Snippet<'a>, io::Error> {
|
||||
let mut file = File::create(self.path())?;
|
||||
file.write_i64::<BigEndian>(Utc::now().timestamp())?;
|
||||
let (nonce, key) = self.passphrase();
|
||||
let mut writer = ChaChaWriter::new(&key, &nonce, &mut file);
|
||||
writer.write_i64::<BigEndian>(Utc::now().timestamp())?;
|
||||
let comp = if content.len() > 2048 {
|
||||
Some("snap")
|
||||
} else {
|
||||
None
|
||||
};
|
||||
file.write_u16::<BigEndian>(comp.map(|s| s.len() as u16).unwrap_or(0u16))?;
|
||||
file.write(comp.map(|s| s.as_bytes()).unwrap_or(&[0u8; 0]))?;
|
||||
writer.write_u16::<BigEndian>(comp.map(|s| s.len() as u16).unwrap_or(0u16))?;
|
||||
writer.write(comp.map(|s| s.as_bytes()).unwrap_or(&[0u8; 0]))?;
|
||||
match comp {
|
||||
Some(ref comp) if comp == &"snap" => {
|
||||
let mut w = snap::Writer::new(&mut file);
|
||||
let mut w = snap::Writer::new(&mut writer);
|
||||
w.write_all(content.as_bytes())?
|
||||
}
|
||||
_ => file.write_all(content.as_bytes())?,
|
||||
_ => writer.write_all(content.as_bytes())?,
|
||||
};
|
||||
Ok(Snippet::new(&self.id, self.storage))
|
||||
}
|
||||
@@ -117,9 +151,13 @@ impl<'a> SnippetStorage<'a> {
|
||||
directory: directory,
|
||||
}
|
||||
}
|
||||
|
||||
pub fn file_id(id: &str) -> String {
|
||||
let mut hasher = Sha256::new();
|
||||
hasher.input(id.as_bytes());
|
||||
hex::encode(&hasher.result()[0..12])
|
||||
}
|
||||
fn has(&self, id: &str) -> bool {
|
||||
self.directory.join(id).exists()
|
||||
self.directory.join(Self::file_id(id)).exists()
|
||||
}
|
||||
|
||||
fn open(&self, id: &str) -> Option<Snippet> {
|
||||
@@ -137,6 +175,12 @@ const STORAGE_DIR: &str = "/snips";
|
||||
#[cfg(debug_assertions)]
|
||||
const STORAGE_DIR: &str = "/tmp";
|
||||
|
||||
lazy_static! {
|
||||
static ref KNOWN_KEYS: Mutex<KnownKeys> = Mutex::new(
|
||||
KnownKeys::load_dir([STORAGE_DIR, "keys"].join("/")).expect("Failed to load pubkeys")
|
||||
);
|
||||
}
|
||||
|
||||
const VERSION: &str = env!("CARGO_PKG_VERSION");
|
||||
|
||||
fn handle(req: &mut Request) -> IronResult<Response> {
|
||||
@@ -148,7 +192,7 @@ fn handle(req: &mut Request) -> IronResult<Response> {
|
||||
(Method::Post, Some(path)) => {
|
||||
if path == &"new" {
|
||||
let snip = {
|
||||
let text: String = {
|
||||
let pgp_text: String = {
|
||||
let bytes = ((&mut req.body).bytes().take(1024 * 512).collect::<Result<
|
||||
Vec<u8>,
|
||||
io::Error,
|
||||
@@ -158,6 +202,12 @@ fn handle(req: &mut Request) -> IronResult<Response> {
|
||||
String::from_utf8(bytes)
|
||||
.map_err(|err| IronError::new(err, "Invalid utf8"))?
|
||||
};
|
||||
let b_text = KNOWN_KEYS
|
||||
.lock()
|
||||
.unwrap() //.map_err(|_| IronError::new(std::error::Error::from("Mutex Err"), "PGP Context unavailable"))?
|
||||
.verify(pgp_text.as_bytes())
|
||||
.map_err(|err| IronError::new(err, "Untrusted signature"))?;
|
||||
let text = String::from_utf8(b_text).unwrap();
|
||||
Snippet::random(&storage).write(&*text).map_err(|err| {
|
||||
let msg = format!("Failed to save snippet: {:?}", &err);
|
||||
IronError::new(err, msg)
|
||||
|
||||
51
src/pgp.rs
Normal file
51
src/pgp.rs
Normal file
@@ -0,0 +1,51 @@
|
||||
use openpgp::parse::stream::*;
|
||||
use openpgp::parse::Parse;
|
||||
use openpgp::*;
|
||||
use std::fs;
|
||||
use std::fs::File;
|
||||
use std::io;
|
||||
use std::io::prelude::*;
|
||||
use std::path::Path;
|
||||
|
||||
pub struct KnownKeys {
|
||||
keys: Vec<openpgp::TPK>,
|
||||
}
|
||||
impl VerificationHelper for &KnownKeys {
|
||||
fn get_public_keys(&mut self, _ids: &[KeyID]) -> Result<Vec<TPK>> {
|
||||
Ok(self.keys.clone())
|
||||
}
|
||||
fn check(&mut self, structure: &MessageStructure) -> Result<()> {
|
||||
Ok(()) // Implement your verification policy here.
|
||||
}
|
||||
}
|
||||
|
||||
impl KnownKeys {
|
||||
pub fn load_dir(dir: impl AsRef<Path>) -> io::Result<KnownKeys> {
|
||||
let mut keys: Vec<openpgp::TPK> = Vec::with_capacity(3);
|
||||
for f in fs::read_dir(dir)? {
|
||||
let f = f?;
|
||||
if f.metadata()?.is_dir() {
|
||||
continue;
|
||||
}
|
||||
let tpk = openpgp::TPK::from_file(f.path()).unwrap();
|
||||
println!("Fingerprint: {}", tpk.fingerprint());
|
||||
keys.push(tpk);
|
||||
}
|
||||
Ok(KnownKeys { keys: keys })
|
||||
}
|
||||
|
||||
pub fn verify(&mut self, r: impl Read) -> io::Result<Vec<u8>> {
|
||||
let mut content = Vec::with_capacity(2048);
|
||||
let helper = &*self;
|
||||
let mut v = Verifier::<&KnownKeys>::from_reader(r, helper, None)
|
||||
.map_err(|e| dbg!(e))
|
||||
.unwrap();
|
||||
if v.read_to_end(&mut content).is_err() {
|
||||
return Err(io::Error::new(
|
||||
io::ErrorKind::InvalidData,
|
||||
"Signature Mismatch",
|
||||
));
|
||||
}
|
||||
Ok(content)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user