palm/Palm-Keyring/lib/Palm/Keyring.pm - diff

Return to Keyring.pm CVS log

Up to [local] / palm / Palm-Keyring / lib / Palm

Diff for /palm/Palm-Keyring/lib/Palm/Keyring.pm between version 1.37 and 1.45

version 1.37, 2007/02/23 02:34:01

version 1.45, 2007/02/26 00:02:13

Line 1

package Palm::Keyring;

# $RedRiver: Keyring.pm,v 1.36 2007/02/22 05:16:04 andrew Exp $

# $RedRiver: Keyring.pm,v 1.44 2007/02/23 22:11:33 andrew Exp $

########################################################################

# Keyring.pm *** Perl class for Keyring for Palm OS databases.

Line 107

# Set defaults

if ($self->{version} == 5) {

$self->{options}->{cipher} ||= 0; # 'None'

$self->{options}->{iterations} ||=

my $c = crypts($self->{options}->{cipher})

$CRYPTS[ $self->{options}->{cipher} ]{default_iter};

or croak('Unknown cipher ' . $self->{options}->{cipher});

$self->{options}->{iterations} ||= $c->{default_iter};

$self->{appinfo}->{cipher} ||= $self->{options}->{cipher};

$self->{appinfo}->{iter} ||= $self->{options}->{iterations};

};

if ( defined $options->{password} ) {

Line 132

sub crypts

{

my $crypt = shift;

if ($crypt =~ /\D/) {

if (! defined $crypt || ! length $crypt) {

return;

} elsif ($crypt =~ /\D/) {

foreach my $c (@CRYPTS) {

if ($c->{alias} eq $crypt) {

return $c;

Line 166

Line 168

delete $rec->{data};

} elsif ($self->{version} == 5) {

my $blocksize = $CRYPTS[ $self->{appinfo}->{cipher} ]{blocksize};

my $c = crypts( $self->{appinfo}->{cipher} )

or croak('Unknown cipher ' . $self->{appinfo}->{cipher});

my $blocksize = $c->{blocksize};

my ($field, $extra) = _parse_field($rec->{data});

delete $rec->{data};

Line 488

Line 492

my $key = shift;

my $cipher = shift;

my $ivec = shift;

my $blocksize = $CRYPTS[ $cipher ]{blocksize};

my $c = crypts($cipher) or croak('Unknown cipher ' . $cipher);

my $keylen = $CRYPTS[ $cipher ]{keylen};

my $cipher_name = $CRYPTS[ $cipher ]{name};

if (! defined $ivec) {

$ivec = pack("C*",map {rand(256)} 1..$blocksize);

$ivec = pack("C*",map {rand(256)} 1..$c->{blocksize});

}

my $changed = 0;

Line 558

Line 560

$decrypted .= _pack_field($field);

}

my $encrypted;

if ($cipher_name eq 'None') {

if ($c->{name} eq 'None') {

# do nothing

$encrypted = $decrypted;

} elsif ($cipher_name eq 'DES_EDE3' or $cipher_name eq 'Rijndael') {

} elsif ($c->{name} eq 'DES_EDE3' or $c->{name} eq 'Rijndael') {

require Crypt::CBC;

my $c = Crypt::CBC->new(

my $cbc = Crypt::CBC->new(

-key => $key,

-literal_key => 1,

-iv => $ivec,

-cipher => $cipher_name,

-cipher => $c->{name},

-keysize => $keylen,

-keysize => $c->{keylen},

-blocksize => $blocksize,

-blocksize => $c->{blocksize},

-header => 'none',

-padding => 'oneandzeroes',

);

Line 579

Line 581

croak("Unable to set up encryption!");

}

$encrypted = $c->encrypt($decrypted);

$encrypted = $cbc->encrypt($decrypted);

} else {

die "Unsupported Version";

Line 670

Line 672

my $cipher = shift;

my $ivec = shift;

my $keylen = $CRYPTS[ $cipher ]{keylen};

my $c = crypts($cipher) or croak('Unknown cipher ' . $cipher);

my $cipher_name = $CRYPTS[ $cipher ]{name};

my $blocksize = $CRYPTS[ $cipher ]{blocksize};

my $decrypted;

if ($cipher_name eq 'None') {

if ($c->{name} eq 'None') {

# do nothing

$decrypted = $encrypted;

} elsif ($cipher_name eq 'DES_EDE3' or $cipher_name eq 'Rijndael') {

} elsif ($c->{name} eq 'DES_EDE3' or $c->{name} eq 'Rijndael') {

require Crypt::CBC;

my $c = Crypt::CBC->new(

my $cbc = Crypt::CBC->new(

-key => $key,

-literal_key => 1,

-iv => $ivec,

-cipher => $cipher_name,

-cipher => $c->{name},

-keysize => $keylen,

-keysize => $c->{keylen},

-blocksize => $blocksize,

-blocksize => $c->{blocksize},

-header => 'none',

-padding => 'oneandzeroes',

);

Line 696

if (! $c) {

croak("Unable to set up encryption!");

}

my $len = $blocksize - length($encrypted) % $blocksize;

my $len = $c->{blocksize} - length($encrypted) % $c->{blocksize};

$encrypted .= $NULL x $len;

$decrypted = $c->decrypt($encrypted);

$decrypted = $cbc->decrypt($encrypted);

} else {

die "Unsupported Version";

Line 840

my $salt = pack("H*", $appinfo->{salt});

my $c = crypts($appinfo->{cipher})

or croak('Unknown cipher ' . $appinfo->{cipher});

my ($key, $hash) = _calc_key_v5(

$pass, $salt, $appinfo->{iter},

$CRYPTS[ $appinfo->{cipher} ]{keylen},

$c->{keylen},

$CRYPTS[ $appinfo->{cipher} ]{DES_odd_parity},

$c->{DES_odd_parity},

);

#print "Iter: '" . $appinfo->{iter} . "'\n";

Line 946

Line 948

my $length = 8;

my $salt = shift || pack("C*",map {rand(256)} 1..$length);

my $c = crypts($cipher) or croak('Unknown cipher ' . $cipher);

my ($key, $hash) = _calc_key_v5(

$pass, $salt, $iter,

$CRYPTS[ $cipher ]->{keylen},

$c->{keylen},

$CRYPTS[ $cipher ]->{DES_odd_parity},

$c->{DES_odd_parity},

);

$appinfo->{salt} = unpack "H*", $salt;

$appinfo->{iter} = $iter;

$appinfo->{cipher} = $cipher;

$appinfo->{key} = $key;

$appinfo->{masterhash} = $hash;

$appinfo->{key} = $key;

return $key;

}

Line 998

Line 1000

import Digest::SHA1 qw(sha1);

my $key = _pbkdf2( $pass, $salt, $iter, $keylen, \&hmac_sha1 );

if ($dop) { $key = DES_odd_parity($key); }

if ($dop) { $key = _DES_odd_parity($key); }

my $hash = unpack("H*", substr(sha1($key.$salt),0, 8));

Line 1128

Line 1130

$packed .= $NULL;

}

} else {

my $packstr = "n1 c1 c1 x1";

my $packstr = "n1 C1 C1 x1";

$packed = pack $packstr, 0, 0, 0;

}

Line 1240

Line 1242

return substr($t, 0, $keylen);

}

sub DES_odd_parity($) {

sub _DES_odd_parity($) {

my $key = $_[0];

my ($r, $i);

my @odd_parity = (

Line 1283

Line 1285

It currently supports the v4 Keyring databases as well as

the pre-release v5 databases. I am not completely happy with the interface

for accessing the v5 database, so any suggestions on improvements on

for accessing v5 databases, so any suggestions on improvements on

the interface are appreciated.

This module doesn't store the decrypted content. It only keeps it until it

Line 1309

Line 1311

print ' - ', $acct->{account};

} else {

foreach my $a (@{ $acct }) {

if ($a->{type} eq 'account') {

if ($a->{label} eq 'account') {

print ' - ', $a->{data};

last;

}

Line 1338

Line 1340

$pdb = new Palm::Keyring({ key1 => value1, key2 => value2 });

$pdb = new Palm::Keyring( -key1 => value1, -key2 => value2);

Supported options

=over

=item Supported options

=over

=item password

Line 1357

Line 1361

=item cipher

The cipher to use. 0, 1, 2 or 3.

The cipher to use. Either the number or the name.

0 => None

1 => DES_EDE3

Line 1374

Line 1378

=back

For v5 databases there are some additional appinfo fields set.

These are set either on new() or Load().

$pdb->{appinfo} = {

# normal appinfo stuff described in L<Palm::StdAppInfo>

Line 1382

Line 1389

iter => Number of iterations for the cipher

};

=head2 crypt

=head2 crypts

Pass in the alias of the crypt to use, or the index.

These only make sense for v5 databases.

This is a function, not a method.

$cipher can be 0, 1, 2, 3, None, DES_EDE3, AES128 or AES256.

my $c = Palm::Keyring::crypt($cipher);

$c is now:

Line 1395

Line 1406

$c = {

alias => (None|DES_EDE3|AES128|AES256),

name => (None|DES_EDE3|Rijndael),

keylen => <key length of the ciphe>,

keylen => <key length of the cipher>,

blocksize => <block size of the cipher>,

default_iter => <default iterations for the cipher>,

};

Line 1474

Line 1485

Decrypts the record and returns a reference for the account as described

under Encrypt().

foreach (0..$#{ $pdb->{records}) {

foreach (0..$#{ $pdb->{records} }) {

next if $_ == 0 && $pdb->{version} == 4;

my $rec = $pdb->{records}->[$_];

my $acct = $pdb->Decrypt($rec);

Line 1517

Line 1528

or calculated when setting a new password.

};

=head2 Other overridden subroutines/methods

=over

=item ParseAppInfoBlock

Converts the extra returned by Palm::StdAppInfo::ParseAppInfoBlock() into

the following additions to $pdb->{appinfo}

$pdb->{appinfo} = {

cipher => The index number of the cipher being used (Not v4)

iter => Number of iterations for the cipher (Not v4)

};

=item PackAppInfoBlock

Reverses ParseAppInfoBlock before

sending it on to Palm::StdAppInfo::PackAppInfoBlock()

=item ParseRecord

Adds some fields to a record from Palm::StdAppInfo::ParseRecord()

$rec = {

name => Account name

ivec => The IV for the encrypted record. (Not v4)

encrypted => the encrypted information

};

=item PackRecord

Reverses ParseRecord and then sends it through Palm::StdAppInfo::PackRecord()

=back

=head1 DEPENDENCIES

Palm::StdAppInfo

B<For v4 databases>

Digest::MD5

Crypt::DES

Readonly

B<For v5 databases>

Digest::HMAC_SHA1

Digest::SHA1

Depending on how the database is encrypted

Crypt::CBC - For any encryption but None

Crypt::DES_EDE3 - DES_EDE3 encryption

Crytp::Rijndael - AES encryption schemes

=head1 THANKS

I would like to thank the helpful Perlmonk shigetsu who gave me some great advice

Line 1541

Line 1601

as giving me some very helpful hints about doing a few things that I was

unsure of. He is really great.

And finally,

thanks to Jochen Hoenicke E<lt>hoenicke@gmail.comE<gt>

(one of the authors of Palm Keyring)

for getting me started on the v5 support as well as providing help

and some subroutines.

=head1 BUGS AND LIMITATIONS

I am sure there are problems with this module. For example, I have

not done very extensive testing of the v5 databases.

I am not sure I am 'require module' the best way, but I don't want to

depend on modules that you don't need to use.

I am not very happy with the data structures used by Encrypt() and

Decrypt() for v5 databases, but I am not sure of a better way.

The v4 compatibility mode does not insert a fake record 0 where

normally the encrypted password is stored.

The date validation for packing new dates is very poor.

I have not gone through and standardized on how the module fails. Some

things fail with croak, some return undef, some may even fail silently.

Nothing initializes a lasterr method or anything like that. I need

to fix all that before it is a 1.0 candidate.

Please report any bugs or feature requests to

C<bug-palm-keyring at rt.cpan.org>, or through the web interface at

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>