TOTP support for Vault

.gitignore

@@ -11,6 +11,7 @@ src/defines/confidential.h
 resources/personal/books/*.pdf
 resources/personal/books/*.epub
 resources/personal/vault/*.png
+resources/personal/vault/totp/*.txt
 resources/personal/videos/*
 resources/personal/videos/*.mp4
 
@@ -28,6 +29,7 @@ components/arduino
 .root/.platformio/*
 !.root/.platformio/.gitkeep
 
+.esp-idf/esp-idf
 .root/.esp-idf/esp-idf
 .root/.esp-idf/espressif/*
 !.root/.esp-idf/.gitkeep

platformio.ini

@@ -38,6 +38,7 @@ lib_deps =
 	https://github.com/Szybet/Olson2POSIX.git#e4ff5942d671cb0888be209e51f65f51c7599fc0
 	https://github.com/Szybet/SmallRTC.git#36469c0a42b1122693df0c7aa83c1571d5f42bd1
 	https://github.com/Szybet/open-meteo-arduino.git#f79d9ce2d1565610d8437674ce08a5317e891ea0
+	lucadentella/TOTP library@^1.1.0
 build_flags =
 	-Isrc/hardware/acc/lib/bma4/
 	-Isrc/hardware/acc/lib/bma5/

resources/demo/vault/totp/test1.txt

@@ -0,0 +1 @@
+VBM5SLWHG5GH3JJ2WO5NOY23MTQOMR4E

resources/tools/generate.sh

@@ -37,7 +37,7 @@ cd ../
 echo -e ''
 echo "Processing vault"
 cd vault/
-./convertImagesVault.sh
+./convertVault.sh
 cd ../
 
 echo -e ''

resources/tools/vault/convertImagesVault.sh

@@ -1,34 +1,8 @@
-#!/bin/bash
+# !/bin/bash
 source ../globalFunctions.sh
 
-config_file="../../../src/defines/confidential.h"
-vault_password=$(grep '#define VAULT_PASSWORD' "$config_file" | awk '{print $3}' | tr -d '"')
-
-if [[ $vault_password == 0* ]]; then
-    echo "Passwords starts with 0 - that's not allowed"
-    exit
-fi
-
-if [[ $vault_password =~ ^[0-9]+$ ]]; then
-    echo "Password is valid"
-    if [ ${#vault_password} -lt 16 ]; then
-        echo "Password is too small, adding 0 at the end of it"
-    fi
-    while [ ${#vault_password} -lt 16 ]; do
-        vault_password="${vault_password}0"
-    done
-else
-    echo "Password is invalid or doesn't exist"
-    exit
-fi
-
-echo "Using password: \"$vault_password\""
-
-random_salt=$(openssl rand -hex 16)
-echo "Random Salt: $random_salt"
-
-rm -rf out 1>/dev/null 2>/dev/null
-mkdir -p out/conf
+random_salt=$1
+vault_password=$2
 
 for f in ../../personal/vault/*
 do
@@ -65,12 +39,12 @@ do
     #cat encrypted_data_base64.bin | base64 -d > vault/$fc
 done
 
-echo -n "encryptionworked" | openssl enc -aes-128-ecb -nosalt -K "$(echo -n "$vault_password" | xxd -p -c 16)" -base64 > out/conf/check_enc
-echo -n "encryptionworked" > out/conf/check_dec
-echo -n $random_salt | openssl enc -aes-128-ecb -nosalt -K "$(echo -n "$vault_password" | xxd -p -c 16)" -base64 > out/conf/sault
+# echo -n "encryptionworked" | openssl enc -aes-128-ecb -nosalt -K "$(echo -n "$vault_password" | xxd -p -c 16)" -base64 > out/conf/check_enc
+# echo -n "encryptionworked" > out/conf/check_dec
+# echo -n $random_salt | openssl enc -aes-128-ecb -nosalt -K "$(echo -n "$vault_password" | xxd -p -c 16)" -base64 > out/conf/sault
 
-rm -rf ../fs/littlefs/vault/ 1>/dev/null 2>/dev/null
-mv out/ ../fs/littlefs/vault
+# rm -rf ../fs/littlefs/vault/ 1>/dev/null 2>/dev/null
+# mv out/ ../fs/littlefs/vault
 
 # Some testing commands
 # On arch linux install xxd-standalone

resources/tools/vault/convertTOTPVault.sh

@@ -0,0 +1,67 @@
+#!/bin/bash
+source ../globalFunctions.sh
+
+random_salt=$1
+vault_password=$2
+
+
+
+for f in ../../personal/vault/totp/*
+do
+    if [[ $f != *".txt"* ]]; then
+        continue
+    fi
+
+    if [ ! -f "$f" ]; then
+        continue
+    fi
+
+    file_name="${f##*/}"
+    echo "Processing $file_name"
+    f_path="out/$file_name"
+    cp $f $f_path
+
+    # h=$(identify -ping -format '%w' $f_path)
+    # w=$(identify -ping -format '%h' $f_path)
+    # if [ "$w" -ne 200 ] || [ "$h" -ne 200 ]; then
+    #     echo "Image dimensions are not 200x200. Resizing."
+    #     ../other/in/magick $f_path -resize 200x200! $f_path
+    #     h=200
+    #     w=200
+    # fi
+
+    fc=$(echo -n ${file_name%.*})
+
+    # ../other/in/magick $f_path -dither FloydSteinberg -define dither:diffusion-amount=90% -remap ../images/img/eink-2color.png -depth 1 gray:-
+    cat $f_path | openssl enc -aes-128-ecb -nosalt -K "$(echo -n "$vault_password" | xxd -p -c 16)" -base64 > out/totp/$fc
+
+
+    rm $f_path
+
+    #cat encrypted_data_base64.bin | base64 -d > encrypted_data.bin
+    #cat encrypted_data.bin | openssl enc -aes-128-cbc -d -K "$(echo -n "$vault_password" | xxd -p -c 16)" -iv "$random_salt" | xxd > decrypted_image.bin
+    #cat encrypted_data_base64.bin | base64 -d > vault/$fc
+done
+
+# Some testing commands
+# On arch linux install xxd-standalone
+# Working decryption
+# convert testImg.png -dither FloydSteinberg -define dither:diffusion-amount=90% -remap ../images/eink-2color.png -depth 1 gray:- | md5sum
+
+# convert testImg.png -dither FloydSteinberg -define dither:diffusion-amount=90% -remap ../images/eink-2color.png -depth 1 gray:- | openssl enc -aes-256-ecb -k "keykeykeyykeykey" -base64 | openssl enc -aes-256-ecb -d -k "keykeykeyykeykey" -base64 | md5sum
+
+#convert $f -dither FloydSteinberg -define dither:diffusion-amount=90% -remap ../images/eink-2color.png -depth 1 gray:- | openssl enc -aes-128-ecb -k "${vault_password}" -base64 2>/dev/null | xxd -i -n $fnel | sed 's/unsigned/const unsigned/g' >> vault.h
+
+#convert $f -dither FloydSteinberg -define dither:diffusion-amount=90% -remap ../images/eink-2color.png -depth 1 gray:- | openssl enc -aes-128-ecb -k "$vault_password" -base64 > encrypted_data_base64.bin
+
+#cat encrypted_data_base64.bin | base64 -d > encrypted_data.bin
+#cat encrypted_data.bin | openssl enc -aes-128-ecb -d -k "$vault_password" | xxd > decrypted_image.bin
+
+#xxd -i -n $fnel encrypted_data.bin | sed 's/unsigned/const unsigned/g' >> vault.h
+
+# Latest linux command testing
+# Pure image hash:
+# ../other/in/magick ../../personal/vault/dog.jpg -dither FloydSteinberg -define dither:diffusion-amount=90% -remap ../images/img/eink-2color.png -depth 1 gray:- | md5sum
+
+# Encrypted, decrypted hash
+# ../other/in/magick ../../personal/vault/dog.jpg -dither FloydSteinberg -define dither:diffusion-amount=90% -remap ../images/img/eink-2color.png -depth 1 gray:- | openssl enc -aes-256-ecb -k "keykeykeyykeykey" -base64 | openssl enc -aes-256-ecb -d -k "keykeykeyykeykey" -base64 | md5sum

resources/tools/vault/convertVault.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+source ../globalFunctions.sh
+
+config_file="../../../src/defines/confidential.h"
+vault_password=$(grep '#define VAULT_PASSWORD' "$config_file" | awk '{print $3}' | tr -d '"')
+
+if [[ $vault_password == 0* ]]; then
+    echo "Passwords starts with 0 - that's not allowed"
+    exit
+fi
+
+if [[ $vault_password =~ ^[0-9]+$ ]]; then
+    echo "Password is valid"
+    if [ ${#vault_password} -lt 16 ]; then
+        echo "Password is too small, adding 0 at the end of it"
+    fi
+    while [ ${#vault_password} -lt 16 ]; do
+        vault_password="${vault_password}0"
+    done
+else
+    echo "Password is invalid or doesn't exist"
+    exit
+fi
+
+echo "Using password: \"$vault_password\""
+
+random_salt=$(openssl rand -hex 16)
+echo "Random Salt: $random_salt"
+
+rm -rf out 1>/dev/null 2>/dev/null
+mkdir -p out/conf
+mkdir -p out/totp
+
+./convertImagesVault.sh $random_salt $vault_password
+echo -e ''
+./convertTOTPVault.sh $random_salt $vault_password
+
+echo -n "encryptionworked" | openssl enc -aes-128-ecb -nosalt -K "$(echo -n "$vault_password" | xxd -p -c 16)" -base64 > out/conf/check_enc
+echo -n "encryptionworked" > out/conf/check_dec
+echo -n $random_salt | openssl enc -aes-128-ecb -nosalt -K "$(echo -n "$vault_password" | xxd -p -c 16)" -base64 > out/conf/sault
+
+rm -rf ../fs/littlefs/vault/ 1>/dev/null 2>/dev/null
+mv out/ ../fs/littlefs/vault

src/defines/defines.h

@@ -48,6 +48,9 @@
 #if (DEBUG && SCREENSHOT_ENDPOINT)
 #include <ESPAsyncWebServer.h>
 #endif
+#if VAULT
+#include <TOTP.h>
+#endif
 #include "rusty.h"
 
 // Order important

src/ui/manager/manager.cpp

@@ -308,6 +308,27 @@ void loopManager()
 #if VAULT
         // TODO: generalMenuPlace? Ooh?
         managerLaunchFunc(generalMenuPlace, NULL, loopMenu, exitVault);
+#endif
+        break;
+    }
+    case vaultTotpMenu:
+    {
+#if VAULT
+        managerLaunchFunc(generalMenuPlace, NULL, loopMenu, exitVaultTotp);
+#endif
+        break;
+    }
+    case vaultTotp:
+    {
+#if VAULT
+        managerLaunchFunc(vaultTotp,initVaultTotp,loopVaultTotp,exitVaultTotp);
+#endif
+        break;
+    }
+    case vaultTotpValue:
+    {
+#if VAULT
+        managerLaunchFunc(vaultTotpValue,initVaultTotpValue,loopVaultTotpValue);
 #endif
         break;
     }

src/ui/manager/manager.h

@@ -33,6 +33,9 @@ typedef enum
     vault,
     vaultImage, // because of exit function
     vaultMenu, // because of exit function
+    vaultTotp,
+    vaultTotpMenu,
+    vaultTotpValue,
     apple,
     apple2,
     calendarDateMenu,
@@ -119,6 +122,8 @@ void switchWatchfaceSelectorMenu();
 void switchBook();
 void switchBookSelector();
 void switchVault();
+void switchTotpMenu();
+void switchTotpValue();
 void switchBack();
 #if VIDEO_PLAYER
 void switchVideoPlayer();
@@ -146,4 +151,3 @@ void switchHeartMonitor();
 void switchFontsPreview();
 #endif
 void showTextDialog(String str);
-

src/ui/manager/managerSwitches.cpp

@@ -123,6 +123,14 @@ void switchVault()
     generalSwitch(vault);
 }
 
+void switchTotpMenu() {
+    generalSwitch(vaultTotp);
+}
+
+void switchTotpValue() {
+    generalSwitch(vaultTotpValue);
+}
+
 void switchBack()
 {
     setButton(Back);