palm/Palm-Keyring/lib/Palm/Keyring.pm - diff

Return to Keyring.pm CVS log

Up to [local] / palm / Palm-Keyring / lib / Palm

Diff for /palm/Palm-Keyring/lib/Palm/Keyring.pm between version 1.29 and 1.34

version 1.29, 2007/02/19 00:22:42

version 1.34, 2007/02/21 05:24:14

Line 1

package Palm::Keyring;

# $RedRiver: Keyring.pm,v 1.28 2007/02/18 05:50:25 andrew Exp $

# $RedRiver: Keyring.pm,v 1.33 2007/02/21 01:26:07 andrew Exp $

########################################################################

# Keyring.pm *** Perl class for Keyring for Palm OS databases.

Line 16

use warnings;

use Carp;

use Data::Dumper;

use base qw/ Palm::StdAppInfo /;

use Digest::HMAC_SHA1 qw(hmac_sha1);

use Digest::SHA1 qw(sha1);

use Crypt::CBC;

use Digest::MD5 qw(md5);

use Crypt::DES;

my $ENCRYPT = 1;

my $DECRYPT = 0;

my $MD5_CBLOCK = 64;

Line 36

Line 28

my $NULL = chr 0;

my @CRYPTS = (

{ # None

{

alias => 'None',

name => 'None',

keylen => 8,

blocksize => 1,

default_iter => 500,

{ # DES-EDE3

{

alias => 'DES-EDE3',

name => 'DES_EDE3',

keylen => 24,

blocksize => 8,

DES_odd_parity => 1,

default_iter => 1000,

{ # AES128

{

alias => 'AES128',

name => 'Rijndael',

keylen => 16,

blocksize => 16,

default_iter => 100,

{ # AES256

{

alias => 'AES256',

name => 'Rijndael',

keylen => 32,

blocksize => 16,

Line 131

Line 127

return 1;

}

# Accessors

sub crypts

{

my $crypt = shift;

if ($crypt =~ /\D/) {

foreach my $c (@CRYPTS) {

if ($c->{alias} eq $crypt) {

return $c;

}

# didn't find it.

return;

} else {

return $CRYPTS[$crypt];

}

# ParseRecord

sub ParseRecord

Line 154

Line 168

} elsif ($self->{version} == 5) {

my $blocksize = $CRYPTS[ $self->{appinfo}->{cipher} ]{blocksize};

my ($field, $extra) = _parse_field($rec->{data});

my ($ivec, $encrypted) = unpack "A$blocksize A*", $extra;

my $ivec = substr $extra, 0, $blocksize;

my $encrypted = substr $extra, $blocksize;

if ($self->{options}->{v4compatible}) {

$rec->{name} = $field->{data};

} else {

$rec->{name} = $field;

}

$rec->{ivec} = $ivec;

$rec->{encrypted} = $encrypted;

delete $rec->{data};

} else {

die 'Unsupported Version';

Line 190

Line 202

}

} elsif ($self->{version} == 5) {

my $field;

my $field = {

if ($rec->{name}) {

'label_id' => 1,

if ($self->{options}->{v4compatible}) {

'data' => $rec->{name},

$field = {

'font' => 0,

label => 'name',

};

font => 0,

my $packed .= _pack_field($field);

data => $rec->{'name'},

};

} else {

$field = $rec->{name};

}

my $packed = '';

if ($field) {

$packed = _pack_field($field);

}

my $len = length $packed;

my $blocksize = $CRYPTS[ $self->{appinfo}->{cipher} ]{blocksize};

$rec->{data} = pack "A$len A$blocksize A*",

$rec->{data} = join '', $packed, $rec->{ivec}, $rec->{encrypted};

$packed, $rec->{ivec}, $rec->{encrypted};

} else {

die 'Unsupported Version';

Line 330

Line 329

my $rec = shift;

my $data = shift;

my $pass = shift || $self->{password};

my $ivec = shift;

if ( ! $pass && ! $self->{appinfo}->{key}) {

croak("password not set!\n");

Line 359

$rec->{name} ||= $data->{name};

} elsif ($self->{version} == 5) {

my @recs = ($data, $acct);

my @accts = ($data, $acct);

my $name;

if ($self->{options}->{v4compatible}) {

$rec->{name} ||= $data->{name};

foreach my $rec (@recs) {

foreach my $a (@accts) {

my @fields;

foreach my $k (sort keys %{ $rec }) {

foreach my $k (sort keys %{ $a }) {

my $field = {

label => $k,

font => 0,

data => $rec->{$k},

data => $a->{$k},

};

push @fields, $field;

}

$rec = \@fields;

$a = \@fields;

}

my $ivec;

($encrypted, $ivec) = _encrypt_v5(

@recs,

@accts,

$self->{appinfo}->{key},

$self->{appinfo}->{cipher},

$ivec,

);

if ($ivec) {

if (defined $ivec) {

$rec->{ivec} = $ivec;

}

Line 408

Line 407

sub _encrypt_v4

{

require Crypt::CBC;

my $new = shift;

my $old = shift;

my $digest = shift;

Line 481

Line 482

my $old = shift;

my $key = shift;

my $cipher = shift;

my $ivec = shift || pack("C*",map {rand(256)} 1..8);

my $ivec = shift;

my $blocksize = $CRYPTS[ $cipher ]{blocksize};

my $keylen = $CRYPTS[ $cipher ]{keylen};

my $cipher_name = $CRYPTS[ $cipher ]{name};

if (! defined $ivec) {

$ivec = pack("C*",map {rand(256)} 1..$blocksize);

}

my $changed = 0;

my $need_newdate = 1;

my $date_index;

Line 548

Line 553

foreach my $field (@{ $new }) {

$decrypted .= _pack_field($field);

}

my $encrypted;

if ($cipher_name eq 'None') {

# do nothing

Line 561

Line 565

-iv => $ivec,

-cipher => $cipher_name,

-keysize => $keylen,

-blocksize => $blocksize,

-header => 'none',

-padding => 'oneandzeroes',

);

Line 580

Line 585

# Decrypt

sub Decrypt

{

my $self = shift;

my $rec = shift;

Line 594

Line 599

croak("Needed parameter 'record' not passed!\n");

}

if ( ! $self->Password($pass)) {

if ( $pass && ! $self->Password($pass)) {

croak("Invalid Password!\n");

}

Line 654

Line 659

sub _decrypt_v5

{

require Crypt::CBC;

my $encrypted = shift;

my $key = shift;

my $cipher = shift;

Line 661

Line 668

my $keylen = $CRYPTS[ $cipher ]{keylen};

my $cipher_name = $CRYPTS[ $cipher ]{name};

my $blocksize = $CRYPTS[ $cipher ]{blocksize};

my $decrypted;

Line 675

Line 683

-iv => $ivec,

-cipher => $cipher_name,

-keysize => $keylen,

-blocksize => $blocksize,

-header => 'none',

-padding => 'oneandzeroes',

);

Line 682

Line 691

if (! $c) {

croak("Unable to set up encryption!");

}

$encrypted .= $NULL x $keylen; # pad out a keylen

my $len = $blocksize - length($encrypted) % $blocksize;

$encrypted .= $NULL x $len;

$decrypted = $c->decrypt($encrypted);

} else {

Line 713

Line 723

if (! $pass) {

delete $self->{password};

delete $self->{key};

delete $self->{appinfo}->{key};

return 1;

}

Line 791

Line 801

sub _password_verify_v4

{

require Digest::MD5;

import Digest::MD5 qw(md5);

my $pass = shift;

my $data = shift;

Line 808

Line 821

my $digest = md5($msg);

if (! $data eq $salt . $digest ) {

if ($data ne $salt . $digest ) {

return;

}

Line 891

Line 904

sub _password_update_v4

{

require Digest::MD5;

import Digest::MD5 qw(md5);

my $pass = shift;

if (! defined $pass) { croak('No password specified!'); };

Line 939

Line 955

return $key;

}

# Helpers

sub _calc_keys

{

Line 968

Line 985

{

my ($pass, $salt, $iter, $keylen, $dop) = @_;

require Digest::HMAC_SHA1;

import Digest::HMAC_SHA1 qw(hmac_sha1);

require Digest::SHA1;

import Digest::SHA1 qw(sha1);

my $key = _pbkdf2( $pass, $salt, $iter, $keylen, \&hmac_sha1 );

if ($dop) { $key = DES_odd_parity($key); }

Line 978

Line 1000

sub _crypt3des

{

require Crypt::DES;

my ( $plaintext, $passphrase, $flag ) = @_;

$passphrase .= $SPACE x ( 16 * 3 );

Line 1040

Line 1064

if ($len + 4 > length $field) {

return undef, $field;

}

my $unpackstr = "S1 C1 C1 A$len";

my $unpackstr = "x2 C1 C1 A$len";

if ($len % 2) {

my $offset = 2 +1 +1 +$len;

if ($len % 2) { # && $len + 4 < length $field) {

# trim the 0/1 byte padding for next even address.

$offset++;

$unpackstr .= ' x'

}

$unpackstr .= ' A*';

my (undef, $label, $font, $data, $leftover)

my ($label, $font, $data) = unpack $unpackstr, $field;

= unpack $unpackstr, $field;

my $leftover = substr $field, $offset;

if ($label == 3) {

$data = _parse_keyring_date($data);

Line 1227

Line 1252

__END__

=head1 NAME

Palm::Keyring - Handler for Palm Keyring databases.

Line 1241

Line 1265

It has the standard Palm::PDB methods with 2 additional public methods.

Decrypt and Encrypt.

It currently supports the v4 Keyring databases. The v5 databases from

It currently supports the v4 Keyring databases.

the pre-release keyring-2.0 are not supported.

The pre-release v5 databases are mostly supported. There are definitely some

bugs, For example, t/keyring5.t sometimes fails. I am not sure why yet.

This module doesn't store the decrypted content. It only keeps it until it

returns it to you or encrypts it.

Line 1258

Line 1283

$pdb->Load($file);

foreach (0..$#{ $pdb->{records} }) {

next if $_ = 0; # skip the password record

# skip the password record for version 4 databases

next if $_ == 0 && $pdb->{version} == 4;

my $rec = $pdb->{records}->[$_];

my $acct = $pdb->Decrypt($rec, $pass);

print $rec->{name}, ' - ', $acct->{account}, "\n";

Line 1268

Line 1294

=head2 new

$pdb = new Palm::Keyring([$password]);

$pdb = new Palm::Keyring([$password[, $version]]);

Create a new PDB, initialized with the various Palm::Keyring fields

and an empty record list.

Line 1279

Line 1305

If you pass in a password, it will initalize the first record with the encrypted

password.

new() now also takes options in other formats

$pdb = new Palm::Keyring({ key1 => value1, key2 => value2 });

$pdb = new Palm::Keyring( -key1 => value1, -key2 => value2);

=head3 Supported options are:

=over

=item password

The password used to initialize the database

=item version

The version of database to create. Accepts either 4 or 5. Currently defaults to 4.

=item v4compatible

The format of the fields passed to Encrypt and returned from Decrypt have changed.

This allows programs to use the newer databases with few changes but with less features.

=item cipher

The cipher to use. 0, 1, 2 or 3.

0 => None

1 => DES_EDE3

2 => AES128

3 => AES256

=item iterations

The number of iterations to encrypt with.

=back

=head2 crypt

Pass in the alias of the crypt to use, or the index.

This is a function, not a method.

my $c = Palm::Keyring::crypt($cipher);

$c is now:

$c = {

alias => (None|DES_EDE3|AES128|AES256),

name => (None|DES_EDE3|Rijndael),

keylen => <key length of the ciphe>,

blocksize => <block size of the cipher>,

default_iter => <default iterations for the cipher>,

};

=head2 Encrypt

$pdb->Encrypt($rec, $acct[, $password]);

$pdb->Encrypt($rec, $acct[, $password[, $ivec]]);

Encrypts an account into a record, either with the password previously

used, or with a password that is passed.

$ivec is the initialization vector to use to encrypt the record. This is

not used by v4 databases. Normally this is not passed and is generated

randomly.

$rec is a record from $pdb->{records} or a new_Record().

$acct is a hashref in the format below.

The v4 $acct is a hashref in the format below.

my $acct = {

my $v4acct = {

name => $rec->{name},

account => $account,

password => $password,

Line 1301

Line 1387

};

The v5 $acct is an arrayref full of hashrefs that contain each encrypted field.

my $v5acct = [

{

'label_id' => 2,

'data' => 'abcd1234',

'label' => 'password',

'font' => 0

{

'label_id' => 3,

'data' => {

'month' => 1,

'day' => 11,

'year' => 107

'label' => 'lastchange',

'font' => 0

{

'label_id' => 255,

'data' => 'This is a short note.',

'label' => 'notes',

'font' => 0

}

];

The account name is stored in $rec->{name} for both v4 and v5 databases.

It is not returned in the decrypted information for v5.

$rec->{name} = 'account name';

If you have changed anything other than the lastchange, or don't pass in a

lastchange key, Encrypt() will generate a new lastchange date for you.

Line 1313

Line 1432

my $acct = $pdb->Decrypt($rec[, $password]);

Decrypts the record and returns a hashref for the account as described

Decrypts the record and returns a reference for the account as described

under Encrypt().

foreach (0..$#{ $pdb->{records}) {

next if $_ == 0;

next if $_ == 0 && $pdb->{version} == 4;

my $rec = $pdb->{records}->[$_];

my $acct = $pdb->Decrypt($rec[, $password]);

my $acct = $pdb->Decrypt($rec);

# do something with $acct

}

=head2 Password

$pdb->Password([$password[, $new_password]]);

Line 1386

Line 1506

The Keyring for Palm OS website:

L<http://gnukeyring.sourceforge.net/>

The HACKING guide for palm keyring databases:

L<http://gnukeyring.cvs.sourceforge.net/*checkout*/gnukeyring/keyring/HACKING>

Johan Vromans also has a wxkeyring app that now uses this module, available

from his website at L<http://www.vromans.org/johan/software/sw_palmkeyring.html>

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>