// // Password.swift // pass // // Created by Mingshen Sun on 2/2/2017. // Copyright © 2017 Bob Sun. All rights reserved. // import Foundation import SwiftyUserDefaults import OneTimePassword import Base32 struct AdditionField { var title: String var content: String } class Password { static let otpKeywords = ["otp_secret", "otp_type", "otp_algorithm", "otp_period", "otp_digits", "otp_counter", "otpauth"] var name = "" var password = "" var additions = [String: String]() var additionKeys = [String]() var changed = false private var plainText = "" private var firstLineIsOTPField = false private var otpToken: Token? enum OtpType { case totp, hotp, none } var otpType: OtpType { get { guard let token = self.otpToken else { return OtpType.none } switch token.generator.factor { case .counter: return OtpType.hotp case .timer: return OtpType.totp } } } init(name: String, plainText: String) { self.initEverything(name: name, plainText: plainText) } func updatePassword(name: String, plainText: String) { if self.plainText != plainText { self.initEverything(name: name, plainText: plainText) changed = true } } private func initEverything(name: String, plainText: String) { self.name = name self.plainText = plainText // get password and additional fields let plainTextSplit = plainText.characters.split(maxSplits: 1, omittingEmptySubsequences: false) { $0 == "\n" || $0 == "\r\n" }.map(String.init) guard plainTextSplit.count > 0 else { return; } self.password = plainTextSplit[0] if plainTextSplit.count == 2 { (self.additions, self.additionKeys) = Password.getAdditionFields(from: plainTextSplit[1]) } // check whether the first line of the plainText looks like an otp entry let (key, value) = Password.getKeyValuePair(from: plainTextSplit[0]) if Password.otpKeywords.contains(key ?? "") { firstLineIsOTPField = true self.additions[key!] = value self.additionKeys.insert(key!, at: 0) } else { firstLineIsOTPField = false } // construct the otp token self.updateOtpToken() } func getUsername() -> String? { return getAdditionValue(withKey: "Username") ?? getAdditionValue(withKey: "username") } func getURLString() -> String? { return getAdditionValue(withKey: "URL") ?? getAdditionValue(withKey: "url") ?? getAdditionValue(withKey: "Url") } // return a key-value pair from the line // key might be nil, if there is no ":" in the line static private func getKeyValuePair(from line: String) -> (key: String?, value: String) { let items = line.characters.split(separator: ":", maxSplits: 1, omittingEmptySubsequences: true).map(String.init) var key : String? var value = "" if items.count == 1 { key = items[0] } else if items.count == 2 { key = items[0] value = items[1].trimmingCharacters(in: .whitespaces) } return (key, value) } static private func getAdditionFields(from additionFieldsPlainText: String) -> ([String: String], [String]){ var additions = [String: String]() var additionKeys = [String]() var unknownIndex = 0 additionFieldsPlainText.enumerateLines() { line, _ in if line == "" { return } var (key, value) = getKeyValuePair(from: line) if key == nil { unknownIndex += 1 key = "unknown \(unknownIndex)" } additions[key!] = value additionKeys.append(key!) } return (additions, additionKeys) } func getAdditionsPlainText() -> String { // lines starting from the second let plainTextSplit = plainText.characters.split(maxSplits: 1, omittingEmptySubsequences: false) { $0 == "\n" || $0 == "\r\n" }.map(String.init) if plainTextSplit.count == 1 { return "" } else { return plainTextSplit[1] } } private func getPlainText() -> String { return self.plainText } func getPlainData() -> Data { return getPlainText().data(using: .utf8)! } private func getAdditionValue(withKey key: String) -> String? { return self.additions[key] } /* Set otpType and otpToken, if we are able to construct a valid token. Example of TOTP otpauth (Key Uri Format: https://github.com/google/google-authenticator/wiki/Key-Uri-Format) otpauth://totp/totp-secret?secret=AAAAAAAAAAAAAAAA&issuer=totp-secret Example of TOTP fields [Legacy, lower priority] otp_secret: secretsecretsecretsecretsecretsecret otp_type: totp otp_algorithm: sha1 (default: sha1, optional) otp_period: 30 (default: 30, optional) otp_digits: 6 (default: 6, optional) Example of HOTP fields [Legacy, lower priority] otp_secret: secretsecretsecretsecretsecretsecret otp_type: hotp otp_counter: 1 otp_digits: 6 (default: 6, optional) */ private func updateOtpToken() { self.otpToken = nil // get otpauth, if we are able to generate a token, return if var otpauthString = getAdditionValue(withKey: "otpauth") { if !otpauthString.hasPrefix("otpauth:") { otpauthString = "otpauth:\(otpauthString)" } if let otpauthUrl = URL(string: otpauthString), let token = Token(url: otpauthUrl) { self.otpToken = token return } } // get secret data guard let secretString = getAdditionValue(withKey: "otp_secret"), let secretData = MF_Base32Codec.data(fromBase32String: secretString), !secretData.isEmpty else { // print("Missing / Invalid otp secret") return } // get type guard let type = getAdditionValue(withKey: "otp_type")?.lowercased(), (type == "totp" || type == "hotp") else { // print("Missing / Invalid otp type") return } // get algorithm (optional) var algorithm = Generator.Algorithm.sha1 if let algoString = getAdditionValue(withKey: "otp_algorithm") { switch algoString.lowercased() { case "sha256": algorithm = .sha256 case "sha512": algorithm = .sha512 default: algorithm = .sha1 } } // construct the token if type == "totp" { // HOTP // default: 6 digits, 30 seconds guard let digits = Int(getAdditionValue(withKey: "otp_digits") ?? "6"), let period = Double(getAdditionValue(withKey: "otp_period") ?? "30.0") else { let alertMessage = "Invalid otp_digits or otp_period." print(alertMessage) return } guard let generator = Generator( factor: .timer(period: period), secret: secretData, algorithm: algorithm, digits: digits) else { let alertMessage = "Invalid OTP generator parameters." print(alertMessage) return } self.otpToken = Token(name: self.name, issuer: "", generator: generator) } else { // HOTP // default: 6 digits guard let digits = Int(getAdditionValue(withKey: "otp_digits") ?? "6"), let counter = UInt64(getAdditionValue(withKey: "otp_counter") ?? "") else { let alertMessage = "Invalid otp_digits or otp_counter." print(alertMessage) return } guard let generator = Generator( factor: .counter(counter), secret: secretData, algorithm: algorithm, digits: digits) else { let alertMessage = "Invalid OTP generator parameters." print(alertMessage) return } self.otpToken = Token(name: self.name, issuer: "", generator: generator) } } // it is guaranteed that it is a HOTP password when we call this func increaseHotpCounter() { var lines : [String] = [] self.plainText.enumerateLines() { line, _ in let (key, value) = Password.getKeyValuePair(from: line) if key == "otp_counter", let newValue = UInt64(value)?.advanced(by: 1) { let newLine = "\(key!): \(newValue)" lines.append(newLine) } else { lines.append(line) } } self.updatePassword(name: self.name, plainText: lines.joined(separator: "\n")) } // return the description and the password strings func getOtpStrings() -> (description: String, otp: String)? { guard let token = self.otpToken else { return nil } var description : String switch token.generator.factor { case .counter: // htop description = "HMAC-based" case .timer(let period): // totp let timeSinceEpoch = Date().timeIntervalSince1970 let validTime = Int(period - timeSinceEpoch.truncatingRemainder(dividingBy: period)) description = "time-based (expiring in \(validTime)s)" } let otp = self.otpToken?.currentPassword ?? "error" return (description, otp) } // return the password strings func getOtp() -> String? { if let otp = self.otpToken?.currentPassword { return otp } else { return nil } } static func LooksLikeOTP(line: String) -> Bool { let (key, _) = getKeyValuePair(from: line) return Password.otpKeywords.contains(key ?? "") } }