Merge branch 'release/0.9.10'

Author: tknarr

README.rst

@@ -18,7 +18,9 @@ Copyright 2016 Todd T Knarr <tknarr@silverglass.org>
 This program is free software: you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free Software
 Foundation, either version 3 of the License, or (at your option) any later
-version.
+version. The Fernet AES256 implementation (fernet256.py) is dual licensed
+under the terms of the Apache License version 2.0 and the BSD License as
+noted in the source file.
 
 This program is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
@@ -36,10 +38,10 @@ and other software and hardware using the standard TOTP algorithm outlined in
 `RFC 6238 <https://tools.ietf.org/html/rfc6238>`_ (support for the HOTP algorithm
 outlined in `RFC 4226 <https://tools.ietf.org/html/rfc4226>`_ is planned).
 
-Secrets are encrypted in the database using AES encryption in CBC mode. There is
-no option for storing unencrypted secrets. If you were using an older beta version
-of this program, you will be prompted for a password and upon first save the
-secrets will be encrypted using it.
+Secrets are encrypted using AES256, there is no option for storing unencrypted
+secrets. If you were using an older beta version, you will be prompted for a
+password and the stored secrets will be migrated to the current encryption without
+requiring any more user intervention.
 
 PyPI page: `https://pypi.python.org/pypi/PyAuth <https://pypi.python.org/pypi/PyAuth>`_
 
@@ -50,7 +52,9 @@ Prerequisites
 * `wxPython <http://www.wxpython.org/>`_ 3.0 or higher, which requires matching
   `wxWidgets <http://www.wxwidgets.org/>`_
 * `pyotp 2.0.1 <https://pypi.python.org/pypi/pyotp>`_ or higher
-* `pycrypto 2.6.1 <https://pypi.python.org/pypi/pycrypto>`_ or higher
+* `cryptography 1.3 <https://pypi.python.org/pypi/cryptography>`_ or higher
+* `pycrypto 2.6.1 <https://pypi/python.org/pypi/pycrypto>`_ or higher, strictly for
+  decrypting older databases
 
 wxPython isn't automatically pulled in by ``pip`` because the version at PyPI is
 still 2.9. Your distribution probably includes a pre-packaged version, or you can

VERSIONS.md

@@ -1,6 +1,6 @@
 # PyAuth version history:
 
-* 1.0.0 - Initial release
+* 0.9.10 - Implement authenticated 256-bit encryption
 
 * 0.9.7 - Keyboard accelerators working
 

pyauth/About.py

@@ -1,8 +1,23 @@
 # -*- coding: utf-8 -*-
 """Metadata about the program."""
 
+## PyAuth - Google Authenticator desktop application
+## Copyright (C) 2016 Todd T Knarr <tknarr@silverglass.org>
+
+## This program is free software: you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation, either version 3 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program.  If not, see http://www.gnu.org/licenses/
+
 import sysconfig
-import base64
 import io
 import pkg_resources
 import wx

pyauth/AuthEntryPanel.py

@@ -1,6 +1,22 @@
 # -*- coding: utf-8 -*-
 """Authentication code entry panel."""
 
+## PyAuth - Google Authenticator desktop application
+## Copyright (C) 2016 Todd T Knarr <tknarr@silverglass.org>
+
+## This program is free software: you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation, either version 3 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program.  If not, see http://www.gnu.org/licenses/
+
 import wx
 from AuthenticationStore import AuthenticationEntry
 from Logging import GetLogger

pyauth/AuthFrame.py

@@ -1,6 +1,22 @@
 # -*- coding: utf-8 -*-
 """Frame for the main window."""
 
+## PyAuth - Google Authenticator desktop application
+## Copyright (C) 2016 Todd T Knarr <tknarr@silverglass.org>
+
+## This program is free software: you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation, either version 3 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program.  If not, see http://www.gnu.org/licenses/
+
 import math
 import sysconfig
 import pkg_resources
@@ -16,6 +32,7 @@
 from ChangeDatabasePasswordDialog import ChangeDatabasePasswordDialog
 from HTMLTextDialog import HTMLTextDialog
 from Logging import GetLogger
+from Errors import DecryptionError, PasswordError
 
 class AuthTaskbarIcon( wx.TaskBarIcon ):
     """Notification tray icon."""
@@ -205,13 +222,22 @@ def OnCreate( self, event ):
                 break
             try:
                 self.auth_store = AuthenticationStore( Configuration.GetDatabaseFilename(), password )
-            except ValueError:
+            except DecryptionError as e:
+                GetLogger().error( str( e ) )
+                GetLogger().error( "Failure decrypting database." )
                 retry = True
-            else:
+            except PasswordError as e:
+                GetLogger().error( str( e ) )
+                GetLogger().error( "Password problem decrypting database." )
+                retry = True
+            except Exception as e:
+                GetLogger().error( str( e ) )
+                GetLogger().critical( "Unexpected exception decrypting database." )
                 retry = False
             finally:
                 if self.auth_store != None:
                     authentication_store_ok = True
+                    retry = False
         if not authentication_store_ok:
             GetLogger().critical( "Database could not be opened" )
             self.do_not_save = True
@@ -427,7 +453,14 @@ def OnCloseWindow( self, event ):
             self.timer = None
             if not self.do_not_save:
                 if self.auth_store != None:
-                    self.auth_store.Save()
+                    try:
+                        self.auth_store.Save()
+                    except PasswordError:
+                        dlg = wx.MessageDialog( self, "A database password is required.", "Error",
+                                                style = wx.OK | wx.ICON_ERROR | wx.STAY_ON_TOP | wx.CENTRE )
+                        dlg.SetExtendedMessage( "The database could not be properly saved." )
+                        dlg.ShowModal()
+                        dlg.Destroy()
                 wp = self.GetPosition()
                 Configuration.SetLastWindowPosition( wp )
                 if self.displayed:
@@ -503,7 +536,12 @@ def OnMenuNewEntry( self, event ):
             GetLogger().debug( "AF NE account  %s", account )
             GetLogger().debug( "AF NE digits   %d", digits )
             GetLogger().debug( "AF NE orig lbl %s", original_label )
-            entry = self.auth_store.Add( provider, account, secret, digits, original_label )
+            try:
+                entry = self.auth_store.Add( provider, account, secret, digits, original_label )
+                sts = ''
+            except PasswordError:
+                entry = None
+                sts = 'password'
             if entry != None:
                 GetLogger().debug( "AF NE new panel: %d", entry.GetGroup() )
                 # If all we have is the dummy entry then replace it, otherwise add the new entry at the end
@@ -524,10 +562,15 @@ def OnMenuNewEntry( self, event ):
                 ##                    unicode( panel.GetMinSize() ) )
                 self.UpdatePanelSize()
             else:
-                GetLogger().debug( "AF NE duplicate item" )
-                dlg = wx.MessageDialog( self, "That entry already exists.", "Error",
-                                        style = wx.OK | wx.ICON_ERROR | wx.STAY_ON_TOP | wx.CENTRE )
-                dlg.SetExtendedMessage( "Provider: {0}\nAccount: {1}".format( provider, account ) )
+                if sts == 'password':
+                    GetLogger().debug( "AF NE password error" )
+                    dlg = wx.MessageDialog( self, "A database password is required.", "Error",
+                                            style = wx.OK | wx.ICON_ERROR | wx.STAY_ON_TOP | wx.CENTRE )
+                else:
+                    GetLogger().debug( "AF NE duplicate item" )
+                    dlg = wx.MessageDialog( self, "That entry already exists.", "Error",
+                                            style = wx.OK | wx.ICON_ERROR | wx.STAY_ON_TOP | wx.CENTRE )
+                    dlg.SetExtendedMessage( "Provider: {0}\nAccount: {1}".format( provider, account ) )
                 dlg.ShowModal()
                 dlg.Destroy()
 
@@ -568,10 +611,14 @@ def OnMenuEditEntry( self, event ):
                         GetLogger().debug( "AF UE updating entry" )
                         status = self.auth_store.Update( entry.GetGroup(), provider, account, secret, digits )
                         if status < 0:
-                            dlg = wx.MessageDialog( self, "Database is corrupted.", "Error",
-                                                    style = wx.OK | wx.ICON_ERROR | wx.STAY_ON_TOP | wx.CENTRE )
-                            dlg.SetExtendedMessage( "Multiple copies of the entry were found.\n" +
-                                                    "The database is likely corrupted and needs repaired." )
+                            if status == -100:
+                                dlg = wx.MessageDialog( self, "A database password is required.", "Error",
+                                                        style = wx.OK | wx.ICON_ERROR | wx.STAY_ON_TOP | wx.CENTRE )
+                            else:
+                                dlg = wx.MessageDialog( self, "Database is corrupted.", "Error",
+                                                        style = wx.OK | wx.ICON_ERROR | wx.STAY_ON_TOP | wx.CENTRE )
+                                dlg.SetExtendedMessage( "Multiple copies of the entry were found.\n" +
+                                                        "The database is likely corrupted and needs repaired." )
                             dlg.ShowModal()
                             dlg.Destroy()
                         elif status == 0:
@@ -779,7 +826,13 @@ def OnMenuReindex( self, event ):
         """Handle a request to reindex the database from the menu."""
         GetLogger().debug( "AF menu Reindex command" )
         GetLogger().info( "Database reindex ordered" )
-        self.auth_store.Reindex()
+        try:
+            self.auth_store.Reindex()
+        except PasswordError:
+            dlg = wx.MessageDialog( self, "A database password is required.", "Error",
+                                    style = wx.OK | wx.ICON_ERROR | wx.STAY_ON_TOP | wx.CENTRE )
+            dlg.ShowModal()
+            dlg.Destroy()
         self.depopulate_entries_window()
         self.populate_entries_window()
         self.UpdatePanelSize()
@@ -788,7 +841,13 @@ def OnMenuRegroup( self, event ):
         """Handle a request to re-group the database from the menu."""
         GetLogger().debug( "AF menu Regroup command" )
         GetLogger().info( "Database regroup and reindex ordered" )
-        self.auth_store.Regroup()
+        try:
+            self.auth_store.Regroup()
+        except PasswordError:
+            dlg = wx.MessageDialog( self, "A database password is required.", "Error",
+                                    style = wx.OK | wx.ICON_ERROR | wx.STAY_ON_TOP | wx.CENTRE )
+            dlg.ShowModal()
+            dlg.Destroy()
         self.depopulate_entries_window()
         self.populate_entries_window()
         self.UpdatePanelSize()