rucksack-db 0.8.0

The rucksack encrypted database
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123

use anyhow::{anyhow, Result};
use secrecy::{ExposeSecret, Secret, SecretString};

use rucksack_lib::util;

use crate::crypto;

pub struct EncryptedDB {
    bytes: Vec<u8>,
    decrypted: Secret<Vec<u8>>,
    path: String,
    pwd: SecretString,
    salt: SecretString,
}

pub fn from_decrypted(
    decrypted: Vec<u8>,
    path: String,
    pwd: String,
    salt: String,
) -> Result<EncryptedDB> {
    new(None, Some(decrypted), path, pwd, salt)
}

pub fn from_encrypted(
    encrypted: Vec<u8>,
    path: String,
    pwd: String,
    salt: String,
) -> Result<EncryptedDB> {
    new(Some(encrypted), None, path, pwd, salt)
}

pub fn from_file(path: String, pwd: String, salt: String) -> Result<EncryptedDB> {
    new(None, None, path, pwd, salt)
}

pub fn new(
    bytes: Option<Vec<u8>>,
    decrypted: Option<Vec<u8>>,
    path: String,
    pwd: String,
    salt: String,
) -> Result<EncryptedDB> {
    let mut edb = EncryptedDB {
        bytes: Vec::new(),
        decrypted: Secret::new(Vec::new()),
        path,
        pwd: SecretString::new(pwd),
        salt: SecretString::new(salt),
    };
    if bytes.is_none() && decrypted.is_none() {
        log::debug!("No bytes provided; reading from file ...");
        edb.read()?;
        edb.decrypt()?;
    } else if let Some(b) = bytes {
        log::debug!("Got encrypted bytes; decrypting ...");
        edb.bytes = b;
        edb.decrypt()?;
    } else if let Some(d) = decrypted {
        log::debug!("Got decrypted bytes; encrypting ...");
        edb.decrypted = Secret::new(d);
        edb.encrypt();
    }
    Ok(edb)
}

impl EncryptedDB {
    pub fn bytes(&self) -> Vec<u8> {
        self.bytes.clone()
    }

    pub fn decrypt(&mut self) -> Result<()> {
        log::debug!("Decrypting stored bytes ...");
        log::trace!("{}, {}", self.pwd(), self.salt());
        match crypto::decrypt(self.bytes.clone(), self.pwd(), self.salt()) {
            Ok(bytes) => {
                log::trace!("Decrypted bytes: {:?}", bytes);
                self.decrypted = Secret::new(bytes);
                Ok(())
            }
            Err(e) => {
                let msg = format!("Could not decrypt data: {e:?}");
                log::error!("{}", msg);
                Err(anyhow!("{}", msg))
            }
        }
    }

    pub fn decrypted(&self) -> Vec<u8> {
        self.decrypted.expose_secret().to_vec()
    }

    pub fn encrypt(&mut self) {
        log::trace!("Byte len before: {}", self.bytes.len());
        self.bytes = crypto::encrypt(self.decrypted(), self.pwd(), self.salt());
        log::trace!("Byte len after: {}", self.bytes.len());
    }

    pub fn path(&self) -> String {
        self.path.clone()
    }

    pub fn pwd(&self) -> String {
        self.pwd.expose_secret().to_string()
    }

    pub fn read(&mut self) -> Result<()> {
        log::trace!("Byte len before: {}", self.bytes.len());
        self.bytes = util::read_file(self.path())?;
        log::trace!("Byte len after: {}", self.bytes.len());
        Ok(())
    }

    pub fn salt(&self) -> String {
        self.salt.expose_secret().to_string()
    }

    pub fn write(&self) -> Result<()> {
        log::debug!("Writing encrypted DB ...");
        util::write_file(self.bytes(), self.path())
    }
}