palm/Palm-Keyring/lib/Palm/Keyring.pm - diff

Return to Keyring.pm CVS log

Up to [local] / palm / Palm-Keyring / lib / Palm

Diff for /palm/Palm-Keyring/lib/Palm/Keyring.pm between version 1.31 and 1.38

version 1.31, 2007/02/19 02:55:35

version 1.38, 2007/02/23 02:54:49

Line 1

package Palm::Keyring;

# $RedRiver: Keyring.pm,v 1.30 2007/02/19 01:37:10 andrew Exp $

# $RedRiver: Keyring.pm,v 1.37 2007/02/23 02:34:01 andrew Exp $

########################################################################

# Keyring.pm *** Perl class for Keyring for Palm OS databases.

Line 16

use warnings;

use Carp;

use Data::Dumper;

use base qw/ Palm::StdAppInfo /;

use Digest::HMAC_SHA1 qw(hmac_sha1);

use Digest::SHA1 qw(sha1);

use Crypt::CBC;

use Digest::MD5 qw(md5);

use Crypt::DES;

my $ENCRYPT = 1;

my $DECRYPT = 0;

my $MD5_CBLOCK = 64;

Line 36

Line 28

my $NULL = chr 0;

my @CRYPTS = (

{ # None

{

alias => 'None',

name => 'None',

keylen => 8,

blocksize => 1,

default_iter => 500,

{ # DES-EDE3

{

alias => 'DES-EDE3',

name => 'DES_EDE3',

keylen => 24,

blocksize => 8,

DES_odd_parity => 1,

default_iter => 1000,

{ # AES128

{

alias => 'AES128',

name => 'Rijndael',

keylen => 16,

blocksize => 16,

default_iter => 100,

{ # AES256

{

alias => 'AES256',

name => 'Rijndael',

keylen => 32,

blocksize => 16,

Line 131

Line 127

return 1;

}

# Accessors

sub crypts

{

my $crypt = shift;

if ($crypt =~ /\D/) {

foreach my $c (@CRYPTS) {

if ($c->{alias} eq $crypt) {

return $c;

}

# didn't find it.

return;

} else {

return $CRYPTS[$crypt];

}

# ParseRecord

sub ParseRecord

Line 154

Line 168

} elsif ($self->{version} == 5) {

my $blocksize = $CRYPTS[ $self->{appinfo}->{cipher} ]{blocksize};

my ($field, $extra) = _parse_field($rec->{data});

my $ivec = substr $extra, 0, $blocksize;

delete $rec->{data};

my $encrypted = substr $extra, $blocksize;

$rec->{name} = $field->{data};

$rec->{ivec} = $ivec;

$rec->{ivec} = substr $extra, 0, $blocksize;

$rec->{encrypted} = $encrypted;

$rec->{encrypted} = substr $extra, $blocksize;

} else {

die 'Unsupported Version';

Line 187

Line 200

}

} elsif ($self->{version} == 5) {

my $field = {

my $field;

'label_id' => 1,

if ($rec->{name}) {

'data' => $rec->{name},

$field = {

'font' => 0,

'label_id' => 1,

};

'data' => $rec->{name},

my $packed .= _pack_field($field);

'font' => 0,

};

} else {

$field = {

'label_id' => $EMPTY,

'data' => $EMPTY,

'font' => 0,

};

}

my $packed = _pack_field($field);

$rec->{data} = join '', $packed, $rec->{ivec}, $rec->{encrypted};

Line 247

Line 269

my $unpackstr

= ("C1" x 8) # 8 uint8s in an array for the salt

. ("S1" x 2) # the iter (uint16) and the cipher (uint16)

. ("n1" x 2) # the iter (uint16) and the cipher (uint16)

. ("C1" x 8); # and finally 8 more uint8s for the hash

my (@salt, $iter, $cipher, @hash);

Line 288

Line 310

my $packstr

= ("C1" x 8) # 8 uint8s in an array for the salt

. ("S1" x 2) # the iter (uint16) and the cipher (uint16)

. ("n1" x 2) # the iter (uint16) and the cipher (uint16)

. ("C1" x 8); # and finally 8 more uint8s for the hash

my @salt = map { hex $_ } $appinfo->{salt} =~ /../gxm;

Line 314

Line 336

my $rec = shift;

my $data = shift;

my $pass = shift || $self->{password};

my $ivec = shift;

if ( ! $pass && ! $self->{appinfo}->{key}) {

croak("password not set!\n");

Line 343

Line 366

$rec->{name} ||= $data->{name};

} elsif ($self->{version} == 5) {

my @recs = ($data, $acct);

my @accts = ($data, $acct);

my $name;

if ($self->{options}->{v4compatible}) {

$rec->{name} ||= $data->{name};

foreach my $rec (@recs) {

foreach my $a (@accts) {

my @fields;

foreach my $k (sort keys %{ $rec }) {

foreach my $k (sort keys %{ $a }) {

my $field = {

label => $k,

font => 0,

data => $rec->{$k},

data => $a->{$k},

};

push @fields, $field;

}

$rec = \@fields;

$a = \@fields;

}

my $ivec;

($encrypted, $ivec) = _encrypt_v5(

@recs,

@accts,

$self->{appinfo}->{key},

$self->{appinfo}->{cipher},

$ivec,

);

if ($ivec) {

if (defined $ivec) {

$rec->{ivec} = $ivec;

}

Line 465

Line 487

my $old = shift;

my $key = shift;

my $cipher = shift;

my $length = $CRYPTS[ $cipher ]{blocksize};

my $ivec = shift;

my $ivec = shift || pack("C*",map {rand(256)} 1..$length);

my $blocksize = $CRYPTS[ $cipher ]{blocksize};

my $keylen = $CRYPTS[ $cipher ]{keylen};

my $cipher_name = $CRYPTS[ $cipher ]{name};

if (! defined $ivec) {

$ivec = pack("C*",map {rand(256)} 1..$blocksize);

}

my $changed = 0;

my $need_newdate = 1;

my $date_index;

for (my $i = 0; $i < @{ $new }; $i++) {

if (

(exists $new->[$i]->{label_id} && $new->[$i]->{label_id} == 3) ||

($new->[$i]->{label_id} && $new->[$i]->{label_id} == 3) ||

(exists $new->[$i]->{label} && $new->[$i]->{label} eq 'lastchange')

($new->[$i]->{label} && $new->[$i]->{label} eq 'lastchange')

) {

$date_index = $i;

if ( $old && $#{ $new } == $#{ $old } && (

$new->[$i]->{data}->{day} != $old->[$i]->{data}->{day} ||

$new->[$i]{data}{day} != $old->[$i]{data}{day} ||

$new->[$i]->{data}->{month} != $old->[$i]->{data}->{month} ||

$new->[$i]{data}{month} != $old->[$i]{data}{month} ||

$new->[$i]->{data}->{year} != $old->[$i]->{data}->{year}

$new->[$i]{data}{year} != $old->[$i]{data}{year}

)) {

$changed = 1;

$need_newdate = 0;

last;

}

} elsif ($old && $#{ $new } == $#{ $old }) {

Line 533

Line 557

foreach my $field (@{ $new }) {

$decrypted .= _pack_field($field);

}

my $encrypted;

if ($cipher_name eq 'None') {

# do nothing

$encrypted = $decrypted;

} elsif ($cipher_name eq 'DES_EDE3' or $cipher_name eq 'Rijndael') {

require Crypt::CBC;

my $c = Crypt::CBC->new(

-literal_key => 1,

-key => $key,

-literal_key => 1,

-iv => $ivec,

-cipher => $cipher_name,

-keysize => $keylen,

-blocksize => $blocksize,

-header => 'none',

-padding => 'oneandzeroes',

);

Line 639

Line 664

sub _decrypt_v5

{

my $encrypted = shift;

my $key = shift;

my $cipher = shift;

Line 646

Line 672

my $keylen = $CRYPTS[ $cipher ]{keylen};

my $cipher_name = $CRYPTS[ $cipher ]{name};

my $blocksize = $CRYPTS[ $cipher ]{blocksize};

my $decrypted;

Line 654

Line 681

$decrypted = $encrypted;

} elsif ($cipher_name eq 'DES_EDE3' or $cipher_name eq 'Rijndael') {

require Crypt::CBC;

my $c = Crypt::CBC->new(

-literal_key => 1,

-key => $key,

-literal_key => 1,

-iv => $ivec,

-cipher => $cipher_name,

-keysize => $keylen,

-blocksize => $blocksize,

-header => 'none',

-padding => 'oneandzeroes',

);

Line 667

Line 696

if (! $c) {

croak("Unable to set up encryption!");

}

$encrypted .= $NULL x $keylen; # pad out a keylen

my $len = $blocksize - length($encrypted) % $blocksize;

$encrypted .= $NULL x $len;

$decrypted = $c->decrypt($encrypted);

} else {

Line 766

Line 796

}

} elsif ($self->{version} == 5) {

return _password_verify_v5($pass, $self->{appinfo});

return _password_verify_v5($self->{appinfo}, $pass);

} else {

# XXX unsupported version

}

Line 776

Line 806

sub _password_verify_v4

{

require Digest::MD5;

import Digest::MD5 qw(md5);

my $pass = shift;

my $data = shift;

Line 793

Line 826

my $digest = md5($msg);

if (! $data eq $salt . $digest ) {

if ($data ne $salt . $digest ) {

return;

}

Line 802

Line 835

sub _password_verify_v5

{

my $pass = shift;

my $appinfo = shift;

my $pass = shift;

my $salt = pack("H*", $appinfo->{salt});

Line 813

Line 846

$CRYPTS[ $appinfo->{cipher} ]{DES_odd_parity},

);

#print "Iter: '" . $appinfo->{iter} . "'\n";

#print "Key: '". unpack("H*", $key) . "'\n";

#print "Salt: '". unpack("H*", $salt) . "'\n";

#print "Hash: '". $hash . "'\n";

#print "Hash: '". $appinfo->{masterhash} . "'\n";

Line 876

Line 911

sub _password_update_v4

{

require Digest::MD5;

import Digest::MD5 qw(md5);

my $pass = shift;

if (! defined $pass) { croak('No password specified!'); };

Line 924

Line 962

return $key;

}

# Helpers

sub _calc_keys

{

Line 953

Line 992

{

my ($pass, $salt, $iter, $keylen, $dop) = @_;

require Digest::HMAC_SHA1;

import Digest::HMAC_SHA1 qw(hmac_sha1);

require Digest::SHA1;

import Digest::SHA1 qw(sha1);

my $key = _pbkdf2( $pass, $salt, $iter, $keylen, \&hmac_sha1 );

if ($dop) { $key = DES_odd_parity($key); }

Line 963

Line 1007

sub _crypt3des

{

require Crypt::DES;

my ( $plaintext, $passphrase, $flag ) = @_;

$passphrase .= $SPACE x ( 16 * 3 );

Line 1021

Line 1067

$labels[3] = 'lastchange';

$labels[255] = 'notes';

my ($len) = unpack "S1", $field;

my ($len) = unpack "n1", $field;

if ($len + 4 > length $field) {

return undef, $field;

}

my $unpackstr = "S1 C1 C1 A$len";

my $unpackstr = "x2 C1 C1 A$len";

if ($len % 2 && $len + 4 < length $field) {

my $offset = 2 +1 +1 +$len;

if ($len % 2) { # && $len + 4 < length $field) {

# trim the 0/1 byte padding for next even address.

$offset++;

$unpackstr .= ' x'

}

$unpackstr .= ' A*';

my (undef, $label, $font, $data, $leftover)

my ($label, $font, $data) = unpack $unpackstr, $field;

= unpack $unpackstr, $field;

my $leftover = substr $field, $offset;

if ($label == 3) {

if ($label && $label == 3) {

$data = _parse_keyring_date($data);

}

return {

Line 1059

Line 1106

notes => 255,

);

my $label = $field->{label_id} || $labels{ $field->{label} };

my $packed;

my $font = $field->{font} || 0;

if (defined $field) {

my $data = $field->{data} || '';

my $label = $field->{label_id} || 0;

if (defined $field->{label} && ! $label) {

$label = $labels{ $field->{label} };

}

my $font = $field->{font} || 0;

my $data = defined $field->{data} ? $field->{data} : $EMPTY;

if ($label == 3) {

if ($label && $label == 3) {

$data = _pack_keyring_date($data);

}

my $len = length $data;

my $packstr = "S1 C1 C1 A*";

my $packstr = "n1 C1 C1 A*";

my $packed = pack $packstr, ($len, $label, $font, $data);

$packed = pack $packstr, ($len, $label, $font, $data);

if ($len % 2) {

# add byte padding for next even address.

$packed .= $NULL;

}

} else {

my $packstr = "n1 C1 C1 x1";

$packed = pack $packstr, 0, 0, 0;

}

return $packed;

Line 1225

Line 1281

It has the standard Palm::PDB methods with 2 additional public methods.

Decrypt and Encrypt.

It currently supports the v4 Keyring databases.

It currently supports the v4 Keyring databases as well as

The pre-release v5 databases are mostly supported. There are definitely some

the pre-release v5 databases. I am not completely happy with the interface

bugs, For example, t/keyring5.t sometimes fails. I am not sure why yet.

for accessing the v5 database, so any suggestions on improvements on

the interface are appreciated.

This module doesn't store the decrypted content. It only keeps it until it

returns it to you or encrypts it.

Line 1247

Line 1304

next if $_ == 0 && $pdb->{version} == 4;

my $rec = $pdb->{records}->[$_];

my $acct = $pdb->Decrypt($rec, $pass);

print $rec->{name}, ' - ', $acct->{account}, "\n";

print $rec->{name}, ' - ';

if ($pdb->{version} == 4 || $pdb->{options}->{v4compatible}) {

print ' - ', $acct->{account};

} else {

foreach my $a (@{ $acct }) {

if ($a->{label} eq 'account') {

print ' - ', $a->{data};

last;

}

print "\n";

}

=head1 SUBROUTINES/METHODS

Line 1270

Line 1338

$pdb = new Palm::Keyring({ key1 => value1, key2 => value2 });

$pdb = new Palm::Keyring( -key1 => value1, -key2 => value2);

=head3 Supported options are:

=over

=item Supported options

=over

=item password

Line 1300

Line 1370

The number of iterations to encrypt with.

=item options

A hashref of the options that are set

=back

For v5 databases there are some additional appinfo fields set.

$pdb->{appinfo} = {

# normal appinfo stuff described in L<Palm::StdAppInfo>

cipher => The index number of the cipher being used

iter => Number of iterations for the cipher

};

=head2 crypt

Pass in the alias of the crypt to use, or the index.

These only make sense for v5 databases.

This is a function, not a method.

$cipher can be 0, 1, 2, 3, None, DES_EDE3, AES128 or AES256.

my $c = Palm::Keyring::crypt($cipher);

$c is now:

$c = {

alias => (None|DES_EDE3|AES128|AES256),

name => (None|DES_EDE3|Rijndael),

keylen => <key length of the ciphe>,

blocksize => <block size of the cipher>,

default_iter => <default iterations for the cipher>,

};

=head2 Encrypt

$pdb->Encrypt($rec, $acct[, $password]);

$pdb->Encrypt($rec, $acct[, $password[, $ivec]]);

Encrypts an account into a record, either with the password previously

used, or with a password that is passed.

$ivec is the initialization vector to use to encrypt the record. This is

not used by v4 databases. Normally this is not passed and is generated

randomly.

$rec is a record from $pdb->{records} or a new_Record().

The v4 $acct is a hashref in the format below.

Line 1353

Line 1462

The account name is stored in $rec->{name} for both v4 and v5 databases.

It is not returned in the decrypted information for v5.

$rec->{name} = 'account name';

Line 1392

Line 1501

the password.

If nothing is passed, it forgets the password that it was remembering.

After a successful password verification the following fields are set

For v4

$pdb->{digest} = the calculated digest used from the key;

$pdb->{password} = the password that was passed in;

For v5

$pdb->{appinfo} = {

# As described under new() with these additional fields

cipher => The index number of the cipher being used

iter => Number of iterations for the cipher

key => The key that is calculated from the password

and salt and is used to decrypt the records.

masterhash => the hash of the key that is stored in the

database. Either set when Loading the database

or when setting a new password.

salt => the salt that is either read out of the database

or calculated when setting a new password.

};

=head1 DEPENDENCIES

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>