Merge pull request #3 from TomWright/main

Refactor and simplify codebase

Author: tarithj

.github/workflows/codeql-analysis.yml

@@ -35,34 +35,34 @@ jobs:
         # https://docs.github.com/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
+      - name: Checkout repository
+        uses: actions/checkout@v2
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v1
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
 
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language
 
-    #- run: |
-    #   make bootstrap
-    #   make release
+      #- run: |
+      #   make bootstrap
+      #   make release
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1

README.md

@@ -1,5 +1,6 @@
 # filecrypt
 [![Codacy Badge](https://app.codacy.com/project/badge/Grade/12610588667845698ee710628e313c0b)](https://www.codacy.com/gh/flew-software/filecrypt/dashboard?utm_source=github.com&utm_medium=referral&utm_content=flew-software/filecrypt&utm_campaign=Badge_Grade)
+[![Go Report Card](https://goreportcard.com/badge/github.com/flew-software/filecrypt)](https://goreportcard.com/report/github.com/flew-software/filecrypt)
 [![](https://tokei.rs/b1/github/flew-software/filecrypt?category=lines)](https://github.com/flew-software/filecrypt)
 ![](https://img.shields.io/badge/Binaries%20under-800kb-succes)   
 ![GitHub repo size](https://img.shields.io/github/repo-size/flew-software/filecrypt)

app.go

@@ -0,0 +1,94 @@
+package filecrypt
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"strings"
+)
+
+// App contains the actual application logic.
+type App struct {
+	// FileCryptExtension is the file extension of encrypted files.
+	FileCryptExtension string
+	// Overwrite defines whether or not to overwrite existing files.
+	Overwrite bool
+}
+
+// Encrypt encrypts the given file and returns the path the an encrypted file.
+func (a *App) Encrypt(fileLocation string, password Passphrase) (string, error) {
+	if err := password.validate(); err != nil {
+		return "", err
+	}
+
+	outputFilepath := fmt.Sprintf("%s%s", fileLocation, a.FileCryptExtension)
+
+	if fileExists(outputFilepath) && !a.Overwrite {
+		return "", fmt.Errorf("file already exists [%s]. use --force flag to overwrite", outputFilepath)
+	}
+
+	fileData, err := ioutil.ReadFile(fileLocation)
+	if err != nil {
+		return "", fmt.Errorf("could not read file [%s]: %w", fileLocation, err)
+	}
+
+	encryptedFileData, err := encrypt(fileData, password)
+	if err != nil {
+		return "", fmt.Errorf("could not encrypt data: %w", err)
+	}
+
+	// creates a file
+	nf, err := os.Create(outputFilepath)
+	if err != nil {
+		return "", fmt.Errorf("could not create output file [%s]: %w", outputFilepath, err)
+	}
+	defer nf.Close()
+
+	// writes the encrypted data slice to the file
+	_, writeErr := nf.Write(encryptedFileData)
+	if writeErr != nil {
+		return "", fmt.Errorf("could not write encrypted data to file: %w", err)
+	}
+
+	return outputFilepath, nil
+}
+
+// Decrypt decrypts the given file and returns the path to an unencrypted file.
+func (a *App) Decrypt(fileLocation string, password Passphrase) (string, error) {
+	realFile := strings.Replace(fileLocation, a.FileCryptExtension, "", -1)
+	if fileLocation == realFile {
+		return "", fmt.Errorf("input file does not contain a valid extension: expected %s", a.FileCryptExtension)
+	}
+
+	// Checks if file exists
+	if fileExists(realFile) && !a.Overwrite {
+		return "", fmt.Errorf("file already exists [%s]. use --force flag to overwrite", realFile)
+	}
+
+	// reads the file
+	b, readErr := ioutil.ReadFile(fileLocation)
+	if readErr != nil {
+		return "", fmt.Errorf("could not read input file [%s]: %w", fileLocation, readErr)
+	}
+
+	// decrypted byte slice
+	clearText, err := decrypt(b, password)
+	if err != nil {
+		return "", fmt.Errorf("could not decrypt file: %w", err)
+	}
+
+	// creates a file
+	nf, err := os.Create(realFile)
+	if err != nil {
+		return "", fmt.Errorf("could not create unencrypted file [%s]: %w", realFile, err)
+	}
+	defer nf.Close()
+
+	// writes decrypted buffer to the file
+	_, writeErr := nf.Write(clearText)
+	if writeErr != nil {
+		return "", fmt.Errorf("could not write to unencrypted file: %w", err)
+	}
+
+	return realFile, nil
+}

app_test.go

@@ -0,0 +1,104 @@
+package filecrypt
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestCreateHash(t *testing.T) {
+	var tests = []struct {
+		input          string
+		expectedOutput string
+	}{
+		{"test", "098f6bcd4621d373cade4e832627b4f6"},
+		{"log", "dc1d71bbb5c4d2a5e936db79ef10c19f"},
+		{"log", "dc1d71bbb5c4d2a5e936db79ef10c19f"},
+	}
+	for _, test := range tests {
+		if output := createHash(test.input); string(output) != test.expectedOutput {
+			t.Error("Test failed: input:{} expectedOutput:{} output:{}", test.input, test.expectedOutput, output)
+		}
+	}
+}
+
+func TestEncryptDecrypt(t *testing.T) {
+	var tests = []struct {
+		input      string
+		passphrase Passphrase
+	}{
+		{"log", Passphrase("popcorn")},
+		{"log", Passphrase("pa$$word")},
+		{"log", Passphrase("pdsasdas")},
+		{"log", Passphrase("[asdsdasdmasn]")},
+		{"log", Passphrase("popwas")},
+		{"log", Passphrase("oi0isas")},
+		{"log", Passphrase("0=2oasdaj")},
+		{"test", Passphrase("testPass")},
+		{"test", Passphrase("asdasdasd")},
+		{"test", Passphrase("testP[ss")},
+		{"test", Passphrase("195s2f5")},
+		{"test", Passphrase("%%%%%%%s")},
+		{"test", Passphrase("#491k2@")},
+		{"test", Passphrase("[]'fd;fo;hkaf")},
+	}
+	for k, test := range tests {
+		testCase := test
+		t.Run(fmt.Sprint(k), func(t *testing.T) {
+			encryptedResults, err := encrypt([]byte(testCase.input), testCase.passphrase)
+			if err != nil {
+				t.Errorf("unexpected error: %s", err)
+				return
+			}
+
+			decryptedResults, err := decrypt(encryptedResults, testCase.passphrase)
+			if err != nil {
+				t.Errorf("unexpected error: %s", err)
+				return
+			}
+
+			if exp, got := string(decryptedResults), testCase.input; exp != got {
+				t.Errorf("expected result %s, got %s", exp, got)
+			}
+		})
+	}
+}
+
+func TestPassphraseValidate(t *testing.T) {
+	var tests = []struct {
+		passphrase Passphrase
+		valid      bool
+	}{
+		// valid tests
+		{Passphrase("popcorn"), true},
+		{Passphrase("pa$$word"), true},
+		{Passphrase("pdsasdas"), true},
+		{Passphrase("[asdsdasdmasn]"), true},
+		{Passphrase("popwas"), true},
+		{Passphrase("oi0isas"), true},
+		{Passphrase("0=2oasdaj"), true},
+		{Passphrase("testPass"), true},
+		{Passphrase("asdasdasd"), true},
+		{Passphrase("testP[ss"), true},
+		{Passphrase("195s2f5"), true},
+		{Passphrase("%%%%%%%s"), true},
+		{Passphrase("#491k2@"), true},
+
+		// invalid tests
+		{Passphrase("#49"), false},
+		{Passphrase("#f9"), false},
+		{Passphrase("as9"), false},
+		{Passphrase("bn9"), false},
+		{Passphrase("pop"), false},
+		{Passphrase("lol"), false},
+		{Passphrase("123"), false},
+		{Passphrase("default"), false},
+	}
+	for k, test := range tests {
+		testCase := test
+		t.Run(fmt.Sprint(k), func(t *testing.T) {
+			if exp, got := testCase.valid, testCase.passphrase.validate() == nil; exp != got {
+				t.Errorf("expected result %v, got %v", exp, got)
+			}
+		})
+	}
+}

cmd/filecrypt/main.go

@@ -0,0 +1,55 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"github.com/flew-software/filecrypt"
+	"os"
+	"strings"
+)
+
+// file crypt encrypted file
+const fileCryptExtension string = ".fcef"
+
+func main() {
+	// flag vars
+	var (
+		fileLocation string
+		password     string
+		mode         string
+		force        bool
+	)
+
+	// flags
+	flag.StringVar(&fileLocation, "location", "./", "Location of the file")
+	flag.StringVar(&password, "password", "default", "Password to use while encrypting/decrypting")
+	flag.StringVar(&mode, "mode", "undefined", "FileCrypt mode (encrypt/decrypt)")
+	flag.BoolVar(&force, "force", false, "Force write even if a file exists with that name (overwrite)")
+	flag.Parse()
+
+	app := filecrypt.App{
+		FileCryptExtension: fileCryptExtension,
+		Overwrite:          force,
+	}
+
+	switch strings.ToLower(mode) {
+	case "encrypt", "e":
+		newFile, err := app.Encrypt(fileLocation, filecrypt.Passphrase(password))
+		if err != nil {
+			fmt.Printf("could not encrypt file: %s\n", err)
+			os.Exit(1)
+		}
+		fmt.Printf("file encrypted:\n%s\n", newFile)
+
+	case "decrypt", "d":
+		newFile, err := app.Decrypt(fileLocation, filecrypt.Passphrase(password))
+		if err != nil {
+			fmt.Printf("could not decrypt file: %s\n", err)
+			os.Exit(1)
+		}
+		fmt.Printf("file decrypted:\n%s\n", newFile)
+	default:
+		fmt.Printf("unhandled mode: %s\n", mode)
+		os.Exit(1)
+	}
+}

encryption.go

@@ -0,0 +1,43 @@
+package filecrypt
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/md5"
+	"crypto/rand"
+	"encoding/hex"
+	"fmt"
+	"io"
+)
+
+type encryptedData []byte
+type decryptedData []byte
+type hash string
+
+func createHash(key string) hash {
+	hasher := md5.New()
+	hasher.Write([]byte(key))
+	return hash(hex.EncodeToString(hasher.Sum(nil)))
+}
+
+func encrypt(data []byte, p Passphrase) (encryptedData, error) {
+	block, _ := aes.NewCipher([]byte(createHash(string(p))))
+	gcm, _ := cipher.NewGCM(block)
+	nonce := make([]byte, gcm.NonceSize())
+	_, err := io.ReadFull(rand.Reader, nonce)
+	if err != nil {
+		return nil, fmt.Errorf("could not get nonce: %w", err)
+	}
+	cipherText := gcm.Seal(nonce, nonce, data, nil)
+	return cipherText, nil
+}
+
+func decrypt(data []byte, p Passphrase) (decryptedData, error) {
+	key := []byte(createHash(string(p)))
+	block, _ := aes.NewCipher(key)
+	gcm, _ := cipher.NewGCM(block)
+	nonceSize := gcm.NonceSize()
+	nonce, cipherText := data[:nonceSize], data[nonceSize:]
+	plainText, err := gcm.Open(nil, nonce, cipherText, nil)
+	return plainText, err
+}

file.go

@@ -0,0 +1,13 @@
+package filecrypt
+
+import (
+	"os"
+)
+
+func fileExists(filename string) bool {
+	info, err := os.Stat(filename)
+	if os.IsNotExist(err) {
+		return false
+	}
+	return !info.IsDir()
+}

go.mod

@@ -0,0 +1,3 @@
+module github.com/flew-software/filecrypt
+
+go 1.15