Merge pull request #208 from brxken128/issue-204

[UX] Further Improvements
brxken128 · Aug 16, 2022 · 33cc04f · 33cc04f
2 parents af92164 + 56d735a
commit 33cc04f
Show file tree

Hide file tree

Showing 23 changed files with 7,894 additions and 306 deletions.
diff --git a/.github/workflows/dexios-tests.yml b/.github/workflows/dexios-tests.yml
@@ -53,13 +53,13 @@ jobs:
     - name: Generate keyfile
       run: dd if=/dev/urandom of=keyfile bs=1 count=4096
     - name: Encrypt in stream mode (XChaCha20-Poly1305)
-      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -eHfk keyfile --aead 1 100MB.bin 100MB.enc
+      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -eHfk keyfile 100MB.bin 100MB.enc
     - name: Decrypt in stream mode (XChaCha20-Poly1305)
       run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -dHfk keyfile 100MB.enc 100MB.bin
     - name: Generate test file
       run: dd if=/dev/urandom of=100MB.bin bs=1M count=100
     - name: Encrypt in stream mode (AES-256-GCM)
-      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -eHfk keyfile --aead 2 100MB.bin 100MB.enc
+      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -eHfk keyfile --aes 100MB.bin 100MB.enc
     - name: Decrypt in stream mode (AES-256-GCM)
       run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -dHfk keyfile 100MB.enc 100MB.bin
   header-tests:
@@ -81,15 +81,15 @@ jobs:
     - name: Encrypt in stream mode (XChaCha20-Poly1305)
       run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -eHfk keyfile 100MB.bin 100MB.enc
     - name: Dump Header
-      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios header dump -f 100MB.enc 100MB.enc.header
+      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios header dump 100MB.enc 100MB.enc.header
     - name: Strip Header
-      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios header strip -f 100MB.enc
+      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios header strip 100MB.enc
     - name: Restore Header
-      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios header restore -f 100MB.enc.header 100MB.enc
+      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios header restore 100MB.enc.header 100MB.enc
     - name: Decrypt in stream mode (XChaCha20-Poly1305)
       run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -dHfk keyfile 100MB.enc 100MB.bin
     - name: Strip Header
-      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios header strip -f 100MB.enc
+      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios header strip 100MB.enc
     - name: Decrypt in stream mode with detached header (XChaCha20-Poly1305)
       run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -dHfk keyfile --header 100MB.enc.header 100MB.enc 100MB.bin
     - name: Encrypt in stream mode to detached header (XChaCha20-Poly1305)
@@ -151,13 +151,13 @@ jobs:
     - name: Generate keyfile
       run: dd if=/dev/urandom of=keyfile bs=1 count=4096
     - name: Encrypt 1GB file (XChaCha20-Poly1305)
-      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -eHfk keyfile --aead 1 1GB.bin 1GB.enc
+      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -eHfk keyfile 1GB.bin 1GB.enc
     - name: Decrypt 1GB file (XChaCha20-Poly1305)
       run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -dHfk keyfile 1GB.enc 1GB.bin
     - name: Generate test file
       run: dd if=/dev/urandom of=1GB.bin bs=1M count=1000
     - name: Encrypt 1GB file (AES-256-GCM)
-      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -eHfk keyfile --aead 2 1GB.bin 1GB.enc
+      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -eHfk keyfile --aes 1GB.bin 1GB.enc
     - name: Decrypt 1GB file (AES-256-GCM)
       run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -dHfk keyfile 1GB.enc 1GB.bin
   small-file:
@@ -176,13 +176,13 @@ jobs:
     - name: Generate keyfile
       run: dd if=/dev/urandom of=keyfile bs=1 count=4096
     - name: Encrypt 1KB file (XChaCha20-Poly1305)
-      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -eHfk keyfile --aead 1 1KB.bin 1KB.enc
+      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -eHfk keyfile 1KB.bin 1KB.enc
     - name: Decrypt 1KB file (XChaCha20-Poly1305)
       run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -dHfk keyfile 1KB.enc 1KB.bin
     - name: Generate test file
       run: dd if=/dev/urandom of=1KB.bin bs=1 count=1024
     - name: Encrypt 1KB file (AES-256-GCM)
-      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -eHfk keyfile --aead 2 1KB.bin 1KB.enc
+      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -eHfk keyfile --aes 1KB.bin 1KB.enc
     - name: Decrypt 1KB file (AES-256-GCM)
       run: /home/runner/work/dexios/dexios/target/release/dexios/dexios -dHfk keyfile 1KB.enc 1KB.bin
   pack:
@@ -204,7 +204,7 @@ jobs:
     - name: Generate keyfile
       run: dd if=/dev/urandom of=keyfile bs=1 count=4096
     - name: Pack+Encrypt test directory (XChaCha20-Poly1305)
-      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios pack -fk keyfile --aead 1 test/ output.zip
+      run: /home/runner/work/dexios/dexios/target/release/dexios/dexios pack -fk keyfile test/ output.zip
     - name: Remove Directory
       run: rm -rf test/
     - name: Decrypt+Unpack archive (XChaCha20-Poly1305)

diff --git a/dexios-core/Cargo.toml b/dexios-core/Cargo.toml
@@ -18,8 +18,7 @@ license = "BSD-2-Clause"
 maintenance = { status = "actively-developed" }
 
 [features]
-default = ["deoxys-ii-256", "visual"]
-deoxys-ii-256 = ["deoxys"]
+default = []
 visual = ["indicatif"]
 
 [dependencies]
@@ -29,7 +28,7 @@ anyhow = "1.0.61"
 # AEADS
 aes-gcm = "0.10.1"
 chacha20poly1305 = "0.10.1"
-deoxys = { version = "0.1.0", optional = true }
+deoxys = { version = "0.1.0" }
 aead = { version = "0.5.1", features = ["stream"] }
 
 # for wiping sensitive information from memory

diff --git a/dexios-core/src/cipher.rs b/dexios-core/src/cipher.rs
@@ -20,10 +20,9 @@
 //! assert_eq!(secret, decrypted_data);
 //! ```
 
-use aead::{Aead, AeadInPlace, Payload, KeyInit};
+use aead::{Aead, AeadInPlace, KeyInit, Payload};
 use aes_gcm::Aes256Gcm;
 use chacha20poly1305::XChaCha20Poly1305;
-#[cfg(feature = "deoxys-ii-256")]
 use deoxys::DeoxysII256;
 
 use crate::primitives::Algorithm;
@@ -33,7 +32,6 @@ use crate::protected::Protected;
 pub enum Ciphers {
     Aes256Gcm(Box<Aes256Gcm>),
     XChaCha(Box<XChaCha20Poly1305>),
-    #[cfg(feature = "deoxys-ii-256")]
     DeoxysII(Box<DeoxysII256>),
 }
 
@@ -67,7 +65,6 @@ impl Ciphers {
 
                 Ciphers::XChaCha(Box::new(cipher))
             }
-            #[cfg(feature = "deoxys-ii-256")]
             Algorithm::DeoxysII256 => {
                 let cipher = DeoxysII256::new_from_slice(key.expose())
                     .map_err(|_| anyhow::anyhow!("Unable to create cipher with hashed key."))?;
@@ -91,7 +88,6 @@ impl Ciphers {
         match self {
             Ciphers::Aes256Gcm(c) => c.encrypt(nonce.as_ref().into(), plaintext),
             Ciphers::XChaCha(c) => c.encrypt(nonce.as_ref().into(), plaintext),
-            #[cfg(feature = "deoxys-ii-256")]
             Ciphers::DeoxysII(c) => c.encrypt(nonce.as_ref().into(), plaintext),
         }
     }
@@ -105,7 +101,6 @@ impl Ciphers {
         match self {
             Ciphers::Aes256Gcm(c) => c.encrypt_in_place(nonce.as_ref().into(), aad, buffer),
             Ciphers::XChaCha(c) => c.encrypt_in_place(nonce.as_ref().into(), aad, buffer),
-            #[cfg(feature = "deoxys-ii-256")]
             Ciphers::DeoxysII(c) => c.encrypt_in_place(nonce.as_ref().into(), aad, buffer),
         }
     }
@@ -123,7 +118,6 @@ impl Ciphers {
         match self {
             Ciphers::Aes256Gcm(c) => c.decrypt(nonce.as_ref().into(), ciphertext),
             Ciphers::XChaCha(c) => c.decrypt(nonce.as_ref().into(), ciphertext),
-            #[cfg(feature = "deoxys-ii-256")]
             Ciphers::DeoxysII(c) => c.decrypt(nonce.as_ref().into(), ciphertext),
         }
     }

diff --git a/dexios-core/src/header.rs b/dexios-core/src/header.rs
@@ -282,7 +282,6 @@ impl Header {
         let algorithm = match algorithm_bytes {
             [0x0E, 0x01] => Algorithm::XChaCha20Poly1305,
             [0x0E, 0x02] => Algorithm::Aes256Gcm,
-            #[cfg(feature = "deoxys-ii-256")]
             [0x0E, 0x03] => Algorithm::DeoxysII256,
             _ => return Err(anyhow::anyhow!("Error getting encryption mode from header")),
         };
@@ -490,7 +489,6 @@ impl Header {
                 let info: [u8; 2] = [0x0E, 0x02];
                 info
             }
-            #[cfg(feature = "deoxys-ii-256")]
             Algorithm::DeoxysII256 => {
                 let info: [u8; 2] = [0x0E, 0x03];
                 info

diff --git a/dexios-core/src/key.rs b/dexios-core/src/key.rs
@@ -11,6 +11,7 @@
 //! let key = argon2id_hash(raw_key, &salt, &HeaderVersion::V3).unwrap();
 //! ```
 use anyhow::Result;
+use rand::{prelude::StdRng, Rng, SeedableRng};
 use zeroize::Zeroize;
 
 use crate::cipher::Ciphers;
@@ -184,3 +185,38 @@ pub fn vec_to_arr<const N: usize>(mut master_key_vec: Vec<u8>) -> [u8; N] {
     master_key_vec.zeroize();
     master_key
 }
+
+// this autogenerates a passphrase, which can be selected with `--auto`
+// it reads the EFF large list of words, and puts them all into a vec
+// 3 words are then chosen at random, and 6 digits are also
+// the 3 words and the digits are separated with -
+// the words are also capitalised
+// this passphrase should provide adequate protection, while not being too hard to remember
+#[must_use]
+pub fn generate_passphrase() -> Protected<String> {
+    let collection = include_str!("wordlist.lst");
+    let words = collection.lines().collect::<Vec<_>>();
+
+    let mut passphrase = String::new();
+
+    for _ in 0..3 {
+        let index = StdRng::from_entropy().gen_range(0..=words.len());
+        let word = words[index];
+        let capitalized_word = word
+            .char_indices()
+            .map(|(i, ch)| match i {
+                0 => ch.to_ascii_uppercase(),
+                _ => ch,
+            })
+            .collect::<String>();
+        passphrase.push_str(&capitalized_word);
+        passphrase.push('-');
+    }
+
+    for _ in 0..6 {
+        let number: i64 = StdRng::from_entropy().gen_range(0..=9);
+        passphrase.push_str(&number.to_string());
+    }
+
+    Protected::new(passphrase)
+}
diff --git a/dexios-core/src/primitives.rs b/dexios-core/src/primitives.rs
@@ -13,32 +13,22 @@ pub const SALT_LEN: usize = 16; // bytes
 
 pub const MASTER_KEY_LEN: usize = 32;
 pub const ENCRYPTED_MASTER_KEY_LEN: usize = 48;
+pub const ALGORITHMS_LEN: usize = 3;
 
 /// This is an `enum` containing all AEADs supported by `dexios-core`
 #[derive(Copy, Clone, PartialEq, Eq)]
 pub enum Algorithm {
     Aes256Gcm,
     XChaCha20Poly1305,
-    #[cfg(feature = "deoxys-ii-256")]
     DeoxysII256,
 }
 
-const fn algorithm_len() -> usize {
-    #[allow(unused_mut)]
-    let mut len: usize = 2;
-    if cfg!(feature = "deoxys-ii-256") {
-        len += 1;
-    };
-    len
-}
-
 /// This is an array containing all AEADs supported by `dexios-core`.
 ///
 /// It can be used by and end-user application to show a list of AEADs that they may use
-pub static ALGORITHMS: [Algorithm; algorithm_len()] = [
+pub static ALGORITHMS: [Algorithm; ALGORITHMS_LEN] = [
     Algorithm::XChaCha20Poly1305,
     Algorithm::Aes256Gcm,
-    #[cfg(feature = "deoxys-ii-256")]
     Algorithm::DeoxysII256,
 ];
 
@@ -47,7 +37,6 @@ impl std::fmt::Display for Algorithm {
         match self {
             Algorithm::Aes256Gcm => write!(f, "AES-256-GCM"),
             Algorithm::XChaCha20Poly1305 => write!(f, "XChaCha20-Poly1305"),
-            #[cfg(feature = "deoxys-ii-256")]
             Algorithm::DeoxysII256 => write!(f, "Deoxys-II-256"),
         }
     }
@@ -98,7 +87,6 @@ pub fn get_nonce_len(algorithm: &Algorithm, mode: &Mode) -> usize {
     let mut nonce_len = match algorithm {
         Algorithm::Aes256Gcm => 12,
         Algorithm::XChaCha20Poly1305 => 24,
-        #[cfg(feature = "deoxys-ii-256")]
         Algorithm::DeoxysII256 => 15,
     };
 

diff --git a/dexios-core/src/stream.rs b/dexios-core/src/stream.rs
@@ -35,7 +35,6 @@ use aead::{
 use aes_gcm::Aes256Gcm;
 use anyhow::Context;
 use chacha20poly1305::XChaCha20Poly1305;
-#[cfg(feature = "deoxys-ii-256")]
 use deoxys::DeoxysII256;
 // use rand::{prelude::StdRng, Rng, SeedableRng, RngCore};
 use zeroize::Zeroize;
@@ -49,7 +48,6 @@ use crate::protected::Protected;
 pub enum EncryptionStreams {
     Aes256Gcm(Box<EncryptorLE31<Aes256Gcm>>),
     XChaCha20Poly1305(Box<EncryptorLE31<XChaCha20Poly1305>>),
-    #[cfg(feature = "deoxys-ii-256")]
     DeoxysII256(Box<EncryptorLE31<DeoxysII256>>),
 }
 
@@ -59,7 +57,6 @@ pub enum EncryptionStreams {
 pub enum DecryptionStreams {
     Aes256Gcm(Box<DecryptorLE31<Aes256Gcm>>),
     XChaCha20Poly1305(Box<DecryptorLE31<XChaCha20Poly1305>>),
-    #[cfg(feature = "deoxys-ii-256")]
     DeoxysII256(Box<DecryptorLE31<DeoxysII256>>),
 }
 
@@ -116,7 +113,6 @@ impl EncryptionStreams {
                 let stream = EncryptorLE31::from_aead(cipher, nonce.into());
                 EncryptionStreams::XChaCha20Poly1305(Box::new(stream))
             }
-            #[cfg(feature = "deoxys-ii-256")]
             Algorithm::DeoxysII256 => {
                 if nonce.len() != 11 {
                     return Err(anyhow::anyhow!("Nonce is not the correct length"));
@@ -144,7 +140,6 @@ impl EncryptionStreams {
         match self {
             EncryptionStreams::Aes256Gcm(s) => s.encrypt_next(payload),
             EncryptionStreams::XChaCha20Poly1305(s) => s.encrypt_next(payload),
-            #[cfg(feature = "deoxys-ii-256")]
             EncryptionStreams::DeoxysII256(s) => s.encrypt_next(payload),
         }
     }
@@ -159,7 +154,6 @@ impl EncryptionStreams {
         match self {
             EncryptionStreams::Aes256Gcm(s) => s.encrypt_last(payload),
             EncryptionStreams::XChaCha20Poly1305(s) => s.encrypt_last(payload),
-            #[cfg(feature = "deoxys-ii-256")]
             EncryptionStreams::DeoxysII256(s) => s.encrypt_last(payload),
         }
     }
@@ -289,7 +283,6 @@ impl DecryptionStreams {
                 let stream = DecryptorLE31::from_aead(cipher, nonce.into());
                 DecryptionStreams::XChaCha20Poly1305(Box::new(stream))
             }
-            #[cfg(feature = "deoxys-ii-256")]
             Algorithm::DeoxysII256 => {
                 let cipher = DeoxysII256::new_from_slice(key.expose())
                     .map_err(|_| anyhow::anyhow!("Unable to create cipher with hashed key."))?;
@@ -315,7 +308,6 @@ impl DecryptionStreams {
         match self {
             DecryptionStreams::Aes256Gcm(s) => s.decrypt_next(payload),
             DecryptionStreams::XChaCha20Poly1305(s) => s.decrypt_next(payload),
-            #[cfg(feature = "deoxys-ii-256")]
             DecryptionStreams::DeoxysII256(s) => s.decrypt_next(payload),
         }
     }
@@ -332,7 +324,6 @@ impl DecryptionStreams {
         match self {
             DecryptionStreams::Aes256Gcm(s) => s.decrypt_last(payload),
             DecryptionStreams::XChaCha20Poly1305(s) => s.decrypt_last(payload),
-            #[cfg(feature = "deoxys-ii-256")]
             DecryptionStreams::DeoxysII256(s) => s.decrypt_last(payload),
         }
     }