===================================================================
RCS file: /cvs/palm/Palm-Keyring/lib/Palm/Keyring.pm,v
retrieving revision 1.1
retrieving revision 1.7
diff -u -r1.1 -r1.7
--- palm/Palm-Keyring/lib/Palm/Keyring.pm	2006/01/26 20:54:19	1.1
+++ palm/Palm-Keyring/lib/Palm/Keyring.pm	2006/11/10 16:45:42	1.7
@@ -8,8 +8,8 @@
 #
 #   This started as Memo.pm, I just made it work for Keyring.
 #
-# $Id: Keyring.pm,v 1.1 2006/01/26 20:54:19 andrew Exp $
-# $RedRiver$
+# $Id: Keyring.pm,v 1.7 2006/11/10 16:45:42 andrew Exp $
+# $RedRiver: Keyring.pm,v 1.6 2006/11/10 16:18:59 andrew Exp $
 
 use strict;
 package Palm::Keyring;
@@ -18,7 +18,7 @@
 use vars qw( $VERSION @ISA );
 
 use Digest::MD5 qw(md5);
-use Crypt::TripleDES;
+use Crypt::DES;
 
 use constant ENCRYPT    =>  1;
 use constant DECRYPT    =>  0;
@@ -27,7 +27,7 @@
 
 
 # One liner, to allow MakeMaker to work.
-$VERSION = do { my @r = (q$Revision: 1.1 $ =~ /\d+/g); sprintf "%d."."%02d" x $#r, @r };
+$VERSION = do { my @r = (q$Revision: 1.7 $ =~ /\d+/g); sprintf "%d."."%02d" x $#r, @r };
 
 @ISA = qw( Palm::StdAppInfo Palm::Raw );
 
@@ -65,17 +65,16 @@
 	my $classname	= shift;
 	my $pass = shift;
 
+	# Create a generic PDB. No need to rebless it, though.
 	my $self	= $classname->SUPER::new(@_);
-			# Create a generic PDB. No need to rebless it,
-			# though.
 
 	$self->{name} = "Keys-Gtkr";	# Default
 	$self->{creator} = "Gtkr";
 	$self->{type} = "Gkyr";
+	# The PDB is not a resource database by
+	# default, but it's worth emphasizing,
+	# since MemoDB is explicitly not a PRC.
 	$self->{attributes}{resource} = 0;
-				# The PDB is not a resource database by
-				# default, but it's worth emphasizing,
-				# since MemoDB is explicitly not a PRC.
 
 	# Initialize the AppInfo block
 	$self->{appinfo} = {};
@@ -87,17 +86,15 @@
 	$self->{version} = 4;
 
 	# Give the PDB the first record that will hold the encrypted password
-	$self->{records} = [
-		{
-		  'category' => 0,
-		  'attributes' => {
-							'private' => 1,
-							'Secret' => 1,
-							'Dirty' => 1,
-							'dirty' => 1
-						  },
+	$self->{records} = [ {
+		'category'   => 0,
+		'attributes' => {
+			'private' => 1,
+			'Secret'  => 1,
+			'Dirty'   => 1,
+			'dirty'   => 1,
 		},
-	];
+	}, ];
 
 	if ($pass) {
 		$self->Encrypt($pass);
@@ -113,11 +110,34 @@
 		);
 }
 
+sub Load
+{
+	my $self = shift;
+	$self->SUPER::Load(@_);
+
+	foreach my $record (@{ $self->{records} }) {
+		next unless exists $record->{data};
+		my ($name, $encrypted) = split /\000/, $record->{data}, 2;
+		next unless $encrypted;
+		$record->{plaintext}->{name} = $name;
+        $record->{encrypted} = $encrypted;
+	}
+	1;
+}
+
+sub Write
+{
+	my $self = shift;
+	$self->Encrypt() || return undef;
+	return $self->SUPER::Load(@_);
+}
+
 sub Encrypt
 {
 	my $self = shift;
 	my $pass = shift;
 
+
 	if ($pass) {
 		unless ($self->_keyring_verify($pass) ) {
 			# This would encrypt with a new password.  
@@ -127,26 +147,26 @@
 		}
 	}
 
-	my $seen_enc_pass = 0;
-	foreach my $record (@{ $self->{records} }) {
-		unless ($seen_enc_pass) {
-			$seen_enc_pass = 1;
-			next;
-		}
+	$self->{digest} ||= _calc_keys($self->{password});
 
+	foreach my $record (@{ $self->{records} }) {
 		next unless defined $record->{plaintext};
 
-		my $name        = defined $record->{plaintext}->{name}        ? $record->{plaintext}->{name}        : '';
-		my $account     = defined $record->{plaintext}->{account}     ? $record->{plaintext}->{account}     : '';
-		my $password    = defined $record->{plaintext}->{password}    ? $record->{plaintext}->{password}    : '';
-		my $description = defined $record->{plaintext}->{description} ? $record->{plaintext}->{description} : '';
+		my $name        = defined $record->{plaintext}->{name}        ? 
+			$record->{plaintext}->{name}        : '';
+		my $account     = defined $record->{plaintext}->{account}     ? 
+			$record->{plaintext}->{account}     : '';
+		my $password    = defined $record->{plaintext}->{password}    ? 
+			$record->{plaintext}->{password}    : '';
+		my $description = defined $record->{plaintext}->{description} ? 
+			$record->{plaintext}->{description} : '';
 		my $extra       = '';
 
-		my $plaintext = join("\0", $account, $password, $description, $extra);
+		my $plaintext = join("\000", $account, $password, $description, $extra);
 
-		my $encrypted = $self->_crypt($plaintext, ENCRYPT);
+		my $encrypted = _crypt3des($plaintext, $self->{digest}, ENCRYPT);
 
-		$record->{data} = join("\0", $name, $encrypted);
+		$record->{data} = join("\000", $name, $encrypted);
 	}
 
 	return 1;
@@ -161,28 +181,37 @@
 		$self->_keyring_verify($pass) || return undef;
 	}
 
-	my $seen_enc_pass = 0; 
-	foreach my $record (@{ $self->{records} }) {
-		unless ($seen_enc_pass) {
-			# need to skip the first record because it is the encrypted password
-			$seen_enc_pass = 1;
-			next;
-		}
+	$self->{digest} ||= _calc_keys($self->{password});
 
+	foreach my $record (@{ $self->{records} }) {
 		next unless defined $record->{data};
 
-		my ($name, $encrypted) = split /\0/, $record->{data};
+		my ($name, $encrypted) = split /\000/, $record->{data}, 2;
+		next unless $encrypted;
+
 		$record->{plaintext}->{name} = $name;
 
-		my $decrypted = $self->_crypt($encrypted, DECRYPT);
+		my $decrypted = _crypt3des($encrypted, $self->{digest}, DECRYPT);
 		my ($account, $password, $description, $extra) 
-		      = split /\0/, $decrypted, 4;
+		      = split /\000/, $decrypted, 4;
 
-		$record->{plaintext}->{account}     = defined $account     ? $account     : '';
-		$record->{plaintext}->{password}    = defined $password    ? $password    : '';
-		$record->{plaintext}->{description} = defined $description ? $description : '';
+		$record->{plaintext}->{account}     = defined $account     ? 
+			$account     : '';
+		$record->{plaintext}->{password}    = defined $password    ? 
+			$password    : '';
+		$record->{plaintext}->{description} = defined $description ? 
+			$description : '';
 
+		#print "Name:      '$name'\n";
+		#print "Encrypted: '$encrypted' - Length: " . length($encrypted) . "\n";
+		#print "    Hex:   '" . unpack("H*", $encrypted) . "'\n";
+		#print "    Binary:'" . unpack("b*", $encrypted) . "'\n";
+		#print "Decrypted: '$decrypted' - Length: " . length($decrypted) . "\n";
+		#print "    Hex:   '" . unpack("H*", $decrypted) . "'\n";
+		#print "    Binary:'" . unpack("b*", $decrypted) . "'\n";
+		#print "\n";
 		#print "Extra: $extra\n";
+		#exit;
 		#--------------------------------------------------
 		# print "Account:     $account\n";
 		# print "Password:    $password\n";
@@ -194,29 +223,9 @@
 	return 1;
 }
 
-sub _crypt
-{
-	my $self = shift;
-	my $original = shift;
-	my $flag = shift;
-
-	my $digest = $self->{digest} || $self->_calc_keys();
-	#print "DIGEST: $digest\n";
-
-	my $des = new Crypt::TripleDES;
-
-	if ($flag == ENCRYPT) {
-		return $des->encrypt3($original, $digest);
-	} else {
-		return $des->decrypt3($original, $digest);
-	}
-}
-
 sub _calc_keys
 {
-	my $self = shift;
-
-	my $pass = $self->{'password'};
+	my $pass = shift;
 	die "No password defined!" unless defined $pass;
 
 	my $digest = md5($pass);
@@ -233,7 +242,6 @@
 	# print length $digest, "\n";
 	#-------------------------------------------------- 
 
-	$self->{digest} = $digest;
 	return $digest;
 }
 
@@ -242,12 +250,12 @@
 	my $self = shift;
 	my $pass = shift;
 
-	die "No password specified!" unless defined $pass;
+	die "No password specified!" unless $pass;
 	$self->{password} = $pass;
 
 	# AFAIK the thing we use to test the password is 
 	#     always in the first entry
-	my $data = $self->{records}->[0]->{data};
+	my $data = $self->{records}->[1]->{data};
 	#die "No encrypted password in file!" unless defined $data;
 	return undef unless defined $data;
 
@@ -263,7 +271,8 @@
 
 	if ($data eq $salt . $digest) {
 		# May as well generate the keys we need now, since we know the password is right
-		if ($self->_calc_keys()) {
+		$self->{digest} = _calc_keys($self->{password});
+		if ($self->{digest}) {
 			return 1;
 		} else {
 			return undef;
@@ -282,10 +291,10 @@
 	my $self = shift;
 	my $pass = shift;
 
-	die "No password specified!" unless defined $pass;
+	die "No password specified!" unless $pass;
 
 	# if the database already has a password in it
-	if ($self->{records}->[0]->{data}) {
+	if ($self->{records}->[1]->{data}) {
 		# Make sure everything is decrypted before we update the keyring
 		$self->Decrypt() || return undef;
 	}
@@ -305,14 +314,57 @@
 
 	# AFAIK the thing we use to test the password is 
 	#     always in the first entry
-	$self->{records}->[0]->{data} = $data;
+	$self->{records}->[1]->{data} = $data;
 
 	$self->{password} = $pass;
-	$self->_calc_keys();
+	$self->{digest}   = _calc_keys($self->{password});
 
 	return 1;
 }
 
+
+# XXX Have to make this encrypt as well as decrypting, but w00 h00!
+# do null padding on the end of a cleartext if we are going to encrypt it
+sub _crypt3des { 
+	my ( $plaintext, $passphrase, $flag ) = @_; 
+
+	$passphrase .= ' ' x (16*3); 
+	my $cyphertext = "";
+
+
+	my $size = length ( $plaintext );
+	#print "STRING: '$plaintext' - Length: " . length($plaintext) . "\n";
+
+	# This check should see if it is plaintext first, if it is, 
+	#   pad it with \000
+	# if not, then die
+	die "record not 8 byte padded" if (length($plaintext) % 8) && ! $flag;
+
+	my @C;
+	for ( 0..2 ) {
+		$C[$_] = new Crypt::DES( pack( "H*", substr($passphrase, 16*$_, 16 )));
+	}
+
+	for ( 0 .. (($size)/8) - 1) { 
+		my $pt = substr( $plaintext, $_*8, 8 );
+		#print "PT: '$pt' - Length: " . length($pt) . "\n";
+		if (length($pt) < 8) {
+			my $len = 8 - length($pt);
+			print "LENGTH: $len\n";
+			print "Binary:    '" . unpack("b*", $pt) . "'\n";
+			$pt .= (chr(0) x $len);# . $pt;
+			print "Binary:    '" . unpack("b*", $pt) . "'\n";
+			#print "PT: '$pt' - Length: " . length($pt) . "\n";
+		}
+		$pt = $C[0]->decrypt( $pt );
+		$pt = $C[1]->encrypt( $pt );
+		$pt = $C[2]->decrypt( $pt );
+		#print "PT: '$pt' - Length: " . length($pt) . "\n";
+		$cyphertext .= $pt; 
+	} 
+
+	return substr ( $cyphertext, 0, $size );
+}
 
 1;
 __END__