KeyBoxen 0.1.0

Standalone secret-service daemon for window managers
// Copyright (C) 2022 KeyBoxen Authors
// SPDX-License-Identifier: GPL-3.0-or-later

//! Collections module
//!
//! This module implements the object that represents each
//! [collection][ch03]. A collection holds a set of related
//! [items][super::item]. It is represented by an enum that is either
//! unlocked with a key stored as an array of bytes, or is locked.
//!
//! # Locking
//! Collections can be locked. The locking is a **hard** lock (unlike
//! individual items), which can be unlocked only by entering a
//! password. The collection is considered locked if it lacks the key
//! required to decrypt the secrets under it.
//!
//! The default collection is encrypted using the user's login
//! password. It will be unlocked automatically upon login using the
//! password obtained from PAM. All other collections need user
//! intervention, i.e. entry of a password.
//!
//! **WARNING:** Be sure to clear out the key when locking, so that no
//! key material remains in memory once the collection is locked.
//!
//! [ch03]: https://specifications.freedesktop.org/secret-service/latest/ch03.html

use super::{lock, Collection};

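impl lock::Lockable for Collection {
    /// Returns `true` when the collection is in the `Locked` state, i.e.
    /// when it carries no key bytes.
    fn is_locked(&self) -> bool {
        matches!(self, Self::Locked)
    }

    /// Wipes the key bytes and switches the collection to `Locked`.
    ///
    /// Locking an already locked collection is a no-op. `Ok(())` is
    /// returned in both cases.
    ///
    /// The wipe uses volatile writes. With plain stores the optimizer is
    /// allowed to treat the zeroing as dead, because the buffer is dropped
    /// right afterwards by the assignment to `*self`, and the key could
    /// then stay readable in freed heap memory.
    ///
    /// Only the `len()` bytes of the current allocation are wiped. Copies
    /// left behind by an earlier reallocation of the `Vec`, or held
    /// elsewhere in the process, are out of reach here.
    fn lock(&mut self) -> lock::Result {
        if let Self::Unlocked(key) = self {
            for byte in key.iter_mut() {
                // SAFETY: `byte` is an exclusive reference to an initialized
                // element of the live `Vec`, so it is valid and aligned for
                // a one-byte write.
                unsafe { core::ptr::write_volatile(byte, 0) };
            }
            // Keep the compiler from moving the wipe past the point where
            // the buffer is released below.
            core::sync::atomic::compiler_fence(core::sync::atomic::Ordering::SeqCst);
            // NOTE(review): if the crate forbids `unsafe`, the `zeroize`
            // crate is the usual way to get the same guarantee.
            *self = Self::Locked;
        }
        Ok(())
    }

    /// Switches the collection to `Unlocked` with an empty key and returns
    /// `Ok(())`.
    ///
    /// NOTE(review): no password or key is taken or checked here, yet
    /// afterwards `is_locked()` reports `false`. This looks like a
    /// placeholder; confirm that callers do not treat this state as
    /// "authenticated" before real key derivation and verification exist.
    fn unlock(&mut self) -> lock::Result {
        *self = Self::Unlocked(Vec::<u8>::new());
        Ok(())
    }
}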