refactor: encrypt the sensitive data

gpgui/src-tauri/src/crypto.rs

@@ -0,0 +1,46 @@
+use aes_gcm::{
+    aead::{consts::U12, Aead, OsRng},
+    AeadCore, Aes256Gcm, Key, KeyInit, Nonce,
+};
+use keyring::Entry;
+
+const SERVICE_NAME: &str = "GlobalProtect-openconnect";
+const ENTRY_KEY: &str = "master-key";
+
+fn get_master_key() -> Result<Key<Aes256Gcm>, anyhow::Error> {
+    let key_entry = Entry::new(SERVICE_NAME, ENTRY_KEY)?;
+
+    if let Ok(key) = key_entry.get_password() {
+        let key = hex::decode(key)?;
+        return Ok(Key::<Aes256Gcm>::clone_from_slice(&key));
+    }
+
+    let key = Aes256Gcm::generate_key(OsRng);
+    let encoded_key = hex::encode(key);
+
+    key_entry.set_password(&encoded_key)?;
+
+    Ok(key)
+}
+
+pub(crate) fn encrypt(data: &str) -> Result<String, anyhow::Error> {
+    let master_key = get_master_key()?;
+    let cipher = Aes256Gcm::new(&master_key);
+    let nonce = Aes256Gcm::generate_nonce(&mut OsRng);
+    let cipher_text = cipher.encrypt(&nonce, data.as_bytes())?;
+
+    let mut encrypted = nonce.to_vec();
+    encrypted.extend_from_slice(&cipher_text);
+    Ok(hex::encode(encrypted))
+}
+
+pub(crate) fn decrypt(encrypted: &str) -> Result<String, anyhow::Error> {
+    let master_key = get_master_key()?;
+    let encrypted = hex::decode(encrypted)?;
+    let nonce = Nonce::<U12>::from_slice(&encrypted[..12]);
+    let cipher_text = &encrypted[12..];
+    let cipher = Aes256Gcm::new(&master_key);
+    let plain_text = cipher.decrypt(nonce, cipher_text)?;
+
+    String::from_utf8(plain_text).map_err(|err| err.into())
+}