palm/Palm-Keyring/lib/Palm/Keyring.pm - diff

Return to Keyring.pm CVS log

Up to [local] / palm / Palm-Keyring / lib / Palm

Diff for /palm/Palm-Keyring/lib/Palm/Keyring.pm between version 1.44 and 1.64

version 1.44, 2007/02/23 22:11:33

version 1.64, 2011/09/19 04:05:11

Line 1

package Palm::Keyring;

# $RedRiver: Keyring.pm,v 1.43 2007/02/23 22:05:17 andrew Exp $

# $RedRiver: Keyring.pm,v 1.61 2008/09/19 05:55:35 andrew Exp $

########################################################################

# Keyring.pm *** Perl class for Keyring for Palm OS databases.

Line 15

use strict;

use warnings;

require 5.006_001;

use Carp;

use base qw/ Palm::StdAppInfo /;

Line 57

Line 59

blocksize => 16,

default_iter => 250,

{

alias => 'TESTING',

name => 'Testing',

keylen => 8,

blocksize => 1,

default_iter => 1,

);

my %LABELS = (

0 => {

id => 0,

name => 'name',

1 => {

id => 1,

name => 'account',

2 => {

id => 2,

name => 'password',

3 => {

id => 3,

name => 'lastchange',

255 => {

id => 255,

name => 'notes',

);

our $VERSION = 0.95;

our $VERSION = '0.96_07';

sub new

{

my $classname = shift;

my $options = {};

# hashref arguments

if (@_) {

if (ref $_[0] eq 'HASH') {

# hashref arguments

$options = shift;

if (ref $_[0] eq 'HASH') {

}

$options = shift;

}

# CGI style arguments

elsif ($_[0] =~ /^-[a-zA-Z0-9_]{1,20}$/) {

my %tmp = @_;

while ( my($key,$value) = each %tmp) {

$key =~ s/^-//;

$options->{lc $key} = $value;

}

else {

$options->{password} = shift;

$options->{version} = shift;

$options->{cipher} = shift;

}

# Create a generic PDB. No need to rebless it, though.

Line 114

Line 149

$self->{appinfo}->{iter} ||= $self->{options}->{iterations};

};

if ( defined $options->{file} ) {

$self->Load($options->{file});

}

if ( defined $options->{password} ) {

$self->Password($options->{password});

}

Line 132

Line 171

sub crypts

{

my $crypt = shift;

if (! defined $crypt || ! length $crypt) {

if ((! defined $crypt) || (! length $crypt)) {

return;

} elsif ($crypt =~ /\D/) {

foreach my $c (@CRYPTS) {

Line 147

Line 186

}

sub labels

{

my $label = shift;

if ((! defined $label) || (! length $label)) {

return;

} elsif (exists $LABELS{$label}) {

return $LABELS{$label};

} else {

foreach my $l (keys %LABELS) {

if ($LABELS{$l}{name} eq $label) {

return $LABELS{$l};

}

# didn't find it, make one.

if ($label =~ /^\d+$/) {

return {

id => $label,

name => undef,

};

} else {

return;

}

# Write

sub Write

{

my $self = shift;

if ($self->{version} == 4) {

# Give the PDB the first record that will hold the encrypted password

my $rec = $self->new_Record;

$rec->{data} = $self->{encpassword};

if (ref $self->{records} eq 'ARRAY') {

unshift @{ $self->{records} }, $rec;

} else {

$self->{records} = [ $rec ];

}

my @rc = $self->SUPER::Write(@_);

if ($self->{version} == 4) {

shift @{ $self->{records} };

}

return @rc;

}

# ParseRecord

sub ParseRecord

Line 154

Line 247

my $self = shift;

my $rec = $self->SUPER::ParseRecord(@_);

return $rec if ! exists $rec->{data};

return $rec if !(defined $rec->{data} && length $rec->{data} );

if ($self->{version} == 4) {

# skip the first record because it contains the password.

return $rec if ! exists $self->{records};

if (! exists $self->{records}) {

$self->{encpassword} = $rec->{data};

return '__DELETE_ME__';

}

if ($self->{records}->[0] eq '__DELETE_ME__') {

shift @{ $self->{records} };

}

my ( $name, $encrypted ) = split /$NULL/xm, $rec->{data}, 2;

return $rec if ! $encrypted;

$rec->{name} = $name;

$rec->{plaintext}->{0} = {

label => 'name',

label_id => 0,

data => $name,

font => 0,

};

$rec->{encrypted} = $encrypted;

delete $rec->{data};

Line 174

Line 279

my ($field, $extra) = _parse_field($rec->{data});

delete $rec->{data};

$rec->{name} = $field->{data};

$rec->{plaintext}->{0} = $field;

$rec->{ivec} = substr $extra, 0, $blocksize;

$rec->{encrypted} = substr $extra, $blocksize;

} else {

die 'Unsupported Version';

# XXX Can never get here to test, ParseAppInfoBlock is always run

return;

# XXX first by Load().

croak "Unsupported Version $self->{version}";

}

return $rec;

Line 195

Line 301

if ($self->{version} == 4) {

if ($rec->{encrypted}) {

if (! defined $rec->{name}) {

my $name = $rec->{plaintext}->{0}->{data} || $EMPTY;

$rec->{name} = $EMPTY;

$rec->{data} = join $NULL, $name, $rec->{encrypted};

}

$rec->{data} = join $NULL, $rec->{name}, $rec->{encrypted};

delete $rec->{name};

delete $rec->{encrypted};

}

} elsif ($self->{version} == 5) {

croak 'No encrypted data in record' if !defined $rec->{encrypted};

croak 'No ivec!' if !$rec->{ivec};

my $field;

if ($rec->{name}) {

if ($rec->{plaintext}->{0}) {

$field = {

$field = $rec->{plaintext}->{0};

'label_id' => 1,

'data' => $rec->{name},

'font' => 0,

};

} else {

$field = {

'label_id' => $EMPTY,

'label' => 'name',

'label_id' => 0,

'data' => $EMPTY,

'font' => 0,

};

}

my $packed = _pack_field($field);

$rec->{data} = join '', $packed, $rec->{ivec}, $rec->{encrypted};

$rec->{data} = join $EMPTY, $packed, $rec->{ivec}, $rec->{encrypted};

} else {

die 'Unsupported Version';

croak "Unsupported Version $self->{version}";

}

# XXX Should I?

#delete $rec->{plaintext};

#delete $rec->{encrypted};

croak 'No data in record to pack' if !$rec->{data};

return $self->SUPER::PackRecord($rec, @_);

}

Line 252

Line 359

# Nothing extra for version 4

} elsif ($self->{version} == 5) {

_parse_appinfo_v5($appinfo) || return;

_parse_appinfo_v5($appinfo);

} else {

die "Unsupported Version";

croak "Unsupported Version $self->{version}";

return;

}

return $appinfo;

Line 266

Line 372

{

my $appinfo = shift;

if (! exists $appinfo->{other}) {

croak 'Corrupt appinfo? no {other}' if ! $appinfo->{other};

# XXX Corrupt appinfo?

return;

}

my $unpackstr

= ("C1" x 8) # 8 uint8s in an array for the salt

Line 302

Line 405

} elsif ($self->{version} == 5) {

_pack_appinfo_v5($self->{appinfo});

} else {

die "Unsupported Version";

croak "Unsupported Version $self->{version}";

return;

}

return &Palm::StdAppInfo::pack_StdAppInfo($self->{appinfo});

}

Line 337

Line 439

sub Encrypt

{

my $self = shift;

my $rec = shift;

my $rec = shift || croak('Needed parameter [record] not passed!');

my $data = shift;

my $pass = shift || $self->{password};

my $data = shift || $rec->{plaintext};

my $ivec = shift;

if ( ! $pass && ! $self->{appinfo}->{key}) {

$self->_password_verify($pass);

croak("password not set!\n");

}

if ( ! $rec) {

if ( !$data ) { croak('Needed parameter [plaintext] not passed!'); }

croak("Needed parameter 'record' not passed!\n");

}

if ( ! $data) {

croak("Needed parameter 'data' not passed!\n");

}

if ( $pass && ! $self->Password($pass)) {

croak("Incorrect Password!\n");

}

my $acct;

if ($rec->{encrypted}) {

$acct = $self->Decrypt($rec, $pass);

Line 366

Line 456

my $encrypted;

if ($self->{version} == 4) {

$self->{digest} ||= _calc_keys( $pass );

$encrypted = _encrypt_v4($data, $acct, $self->{digest});

my $datav4 = {

$rec->{name} ||= $data->{name};

name => $data->{0}->{data},

account => $data->{1}->{data},

password => $data->{2}->{data},

lastchange => $data->{3}->{data},

notes => $data->{255}->{data},

};

my $acctv4 = {

name => $acct->{0}->{data},

account => $acct->{1}->{data},

password => $acct->{2}->{data},

lastchange => $acct->{3}->{data},

notes => $acct->{255}->{data},

};

$encrypted = _encrypt_v4($datav4, $acctv4, $self->{digest});

} elsif ($self->{version} == 5) {

my @accts = ($data, $acct);

if ($self->{options}->{v4compatible}) {

$rec->{name} ||= $data->{name};

foreach my $a (@accts) {

my @fields;

foreach my $k (sort keys %{ $a }) {

my $field = {

label => $k,

font => 0,

data => $a->{$k},

};

push @fields, $field;

}

$a = \@fields;

}

($encrypted, $ivec) = _encrypt_v5(

@accts,

$data, $acct,

$self->{appinfo}->{key},

$self->{appinfo}->{cipher},

$ivec,

);

if (defined $ivec) {

$rec->{ivec} = $ivec if $ivec;

$rec->{ivec} = $ivec;

}

} else {

die "Unsupported Version";

croak "Unsupported Version $self->{version}";

}

if ($encrypted) {

$rec->{plaintext}->{0} = $data->{0};

if ($encrypted eq '1') {

return 1;

}

if ($encrypted ne '1') {

$rec->{attributes}{Dirty} = 1;

$rec->{attributes}{dirty} = 1;

$rec->{encrypted} = $encrypted;

return 1;

} else {

return;

}

return 1;

}

sub _encrypt_v4

Line 429

Line 509

my $changed = 0;

my $need_newdate = 0;

if ($old && %{ $old }) {

no warnings 'uninitialized';

foreach my $key (keys %{ $new }) {

next if $key eq 'lastchange';

if ($new->{$key} ne $old->{$key}) {

Line 495

Line 576

my $c = crypts($cipher) or croak('Unknown cipher ' . $cipher);

if (! defined $ivec) {

$ivec = pack("C*",map {rand(256)} 1..$c->{blocksize});

if (!$c->{blocksize}) {

$ivec = $EMPTY;

}

else {

while (! $ivec) {

$ivec = pack("C*",map {rand(256)} 1..$c->{blocksize});

}

my $changed = 0;

my $need_newdate = 1;

my $date_index;

if ($new->{3}->{data}) {

for (my $i = 0; $i < @{ $new }; $i++) {

$need_newdate = 0;

if (

}

($new->[$i]->{label_id} && $new->[$i]->{label_id} == 3) ||

($new->[$i]->{label} && $new->[$i]->{label} eq 'lastchange')

) {

$date_index = $i;

if ( $old && $#{ $new } == $#{ $old } && (

$new->[$i]{data}{day} != $old->[$i]{data}{day} ||

$new->[$i]{data}{month} != $old->[$i]{data}{month} ||

$new->[$i]{data}{year} != $old->[$i]{data}{year}

)) {

$changed = 1;

$need_newdate = 0;

}

} elsif ($old && $#{ $new } == $#{ $old }) {

if ($old) {

my $n = join ':', %{ $new->[$i] };

foreach my $k (keys %{ $new }) {

my $o = join ':', %{ $old->[$i] };

if (! $old->{$k} ) {

if ($n ne $o) {

$changed = 1;

last;

}

if (! $new->{$k}) {

$changed = 1;

last;

}

} elsif ($#{ $new } != $#{ $old }) {

elsif ($k == 3) {

$changed = 1;

if (! $new->{$k}->{data} && $old->{$k}->{data} ) {

$changed = 1;

last;

}

my %n = %{ $new->{$k}->{data} };

my %o = %{ $old->{$k}->{data} };

foreach (qw( day month year )) {

$n{$_} ||= 0;

$o{$_} ||= 0;

}

if (

$n{day} == $o{day} &&

$n{month} == $o{month} &&

$n{year} == $o{year}

) {

$need_newdate = 1;

}

else {

$changed = 1;

last;

}

else {

my $n = join ':', sort %{ $new->{$k} };

my $o = join ':', sort %{ $old->{$k} };

if ($n ne $o) {

$changed = 1;

last;

}

if ($old && (! @{ $old }) && $date_index) {

else {

$need_newdate = 0;

$changed = 1;

}

return 1, 0 if $changed == 0;

return 1 if $changed == 0;

if ($need_newdate || ! defined $date_index) {

if ($need_newdate) {

my ($day, $month, $year) = (localtime)[3,4,5];

my $date = {

$new->{3} = {

year => $year,

label => 'lastchange',

month => $month,

label_id => 3,

day => $day,

font => 0,

data => {

year => $year,

month => $month,

day => $day,

};

if (defined $date_index) {

$new->[$date_index]->{data} = $date;

} else {

push @{ $new }, {

label => 'lastchange',

font => 0,

data => $date,

};

}

} else {

# XXX Need to actually validate the above information somehow

if ($new->[$date_index]->{data}->{year} >= 1900) {

if ($new->{3}->{data}->{year} >= 1900) {

$new->[$date_index]->{data}->{year} -= 1900;

$new->{3}->{data}->{year} -= 1900;

}

my $decrypted;

my $plaintext;

foreach my $field (@{ $new }) {

foreach my $k (keys %{ $new }) {

$decrypted .= _pack_field($field);

next if $new->{$k}->{label_id} == 0;

$plaintext .= _pack_field($new->{$k});

}

$plaintext .= chr(0xff) x 2;

my $encrypted;

if ($c->{name} eq 'None') {

# do nothing

$encrypted = $decrypted;

$encrypted = $plaintext;

} elsif ($c->{name} eq 'DES_EDE3' or $c->{name} eq 'Rijndael') {

require Crypt::CBC;

Line 575

Line 687

-blocksize => $c->{blocksize},

-header => 'none',

-padding => 'oneandzeroes',

);

) || croak("Unable to set up encryption!");

if (! $c) {

$encrypted = $cbc->encrypt($plaintext);

croak("Unable to set up encryption!");

}

$encrypted = $cbc->encrypt($decrypted);

} else {

die "Unsupported Version";

croak "Unsupported Crypt $c->{name}";

}

return $encrypted, $ivec;

Line 598

Line 706

my $rec = shift;

my $pass = shift || $self->{password};

if ( ! $pass && ! $self->{appinfo}->{key}) {

if ( ! $rec) { croak('Needed parameter [record] not passed!'); }

croak("password not set!\n");

if ( ! $rec->{encrypted} ) { croak('No encrypted content!'); }

}

if ( ! $rec) {

$self->_password_verify($pass);

croak("Needed parameter 'record' not passed!\n");

}

if ( $pass && ! $self->Password($pass)) {

my $plaintext;

croak("Invalid Password!\n");

}

if ( ! $rec->{encrypted} ) {

croak("No encrypted content!");

}

if ($self->{version} == 4) {

$self->{digest} ||= _calc_keys( $pass );

my $acct = _decrypt_v4($rec->{encrypted}, $self->{digest});

$acct->{name} ||= $rec->{name};

$plaintext = {

return $acct;

0 => $rec->{plaintext}->{0},

1 => {

label => 'account',

label_id => 1,

font => 0,

data => $acct->{account},

2 => {

label => 'password',

label_id => 2,

font => 0,

data => $acct->{password},

3 => {

label => 'lastchange',

label_id => 3,

font => 0,

data => $acct->{lastchange},

255 => {

label => 'notes',

label_id => 255,

font => 0,

data => $acct->{notes},

};

} elsif ($self->{version} == 5) {

my $fields = _decrypt_v5(

$plaintext = _decrypt_v5(

$rec->{encrypted}, $self->{appinfo}->{key},

$self->{appinfo}->{cipher}, $rec->{ivec},

);

if ($self->{options}->{v4compatible}) {

$plaintext->{0} ||= $rec->{plaintext}->{0};

my %acct;

foreach my $f (@{ $fields }) {

$acct{ $f->{label} } = $f->{data};

}

$acct{name} ||= $rec->{name};

return \%acct;

} else {

return $fields;

}

} else {

die "Unsupported Version";

croak "Unsupported Version $self->{version}";

}

if ($plaintext) {

$rec->{plaintext} = $plaintext;

return $plaintext;

}

return;

}

Line 647

Line 766

my $encrypted = shift;

my $digest = shift;

my $decrypted = _crypt3des( $encrypted, $digest, $DECRYPT );

my $plaintext = _crypt3des( $encrypted, $digest, $DECRYPT );

my ( $account, $password, $notes, $packed_date )

= split /$NULL/xm, $decrypted, 4;

= split /$NULL/xm, $plaintext, 4;

my $modified;

if ($packed_date) {

Line 674

Line 793

my $c = crypts($cipher) or croak('Unknown cipher ' . $cipher);

my $decrypted;

my $plaintext;

if ($c->{name} eq 'None') {

# do nothing

$decrypted = $encrypted;

$plaintext = $encrypted;

} elsif ($c->{name} eq 'DES_EDE3' or $c->{name} eq 'Rijndael') {

require Crypt::CBC;

Line 691

Line 810

-blocksize => $c->{blocksize},

-header => 'none',

-padding => 'oneandzeroes',

);

) || croak("Unable to set up encryption!");

if (! $c) {

croak("Unable to set up encryption!");

}

my $len = $c->{blocksize} - length($encrypted) % $c->{blocksize};

$encrypted .= $NULL x $len;

$decrypted = $cbc->decrypt($encrypted);

$plaintext = $cbc->decrypt($encrypted);

} else {

die "Unsupported Version";

croak "Unsupported Crypt $c->{name}";

return;

}

my @fields;

my %fields;

while ($decrypted) {

while ($plaintext) {

my $field;

($field, $decrypted) = _parse_field($decrypted);

($field, $plaintext) = _parse_field($plaintext);

if (! $field) {

last;

}

push @fields, $field;

$fields{ $field->{label_id} } = $field;

}

return \@fields;

return \%fields;

}

# Password

Line 733

Line 848

}

if (

($self->{version} == 4 && ! exists $self->{records}) ||

($self->{version} == 4 && ! exists $self->{encpassword}) ||

($self->{version} == 5 && ! exists $self->{appinfo}->{masterhash})

) {

if ($self->{version} == 4) {

# Give the PDB the first record that will hold the encrypted password

$self->{records} = [ $self->new_Record ];

}

return $self->_password_update($pass);

}

if ($new_pass) {

my $v4compat = $self->{options}->{v4compatible};

$self->{options}->{v4compatible} = 0;

my @accts = ();

foreach my $i (0..$#{ $self->{records} }) {

foreach my $rec (@{ $self->{records} }) {

if ($self->{version} == 4 && $i == 0) {

my $acct = $self->Decrypt($rec, $pass);

push @accts, undef;

next;

}

my $acct = $self->Decrypt($self->{records}->[$i], $pass);

if ( ! $acct ) {

croak("Couldn't decrypt $self->{records}->[$i]->{name}");

croak("Couldn't decrypt $rec->{plaintext}->{0}->{data}");

}

push @accts, $acct;

}

Line 767

Line 870

$pass = $new_pass;

foreach my $i (0..$#accts) {

if ($self->{version} == 4 && $i == 0) {

next;

}

delete $self->{records}->[$i]->{encrypted};

$self->Encrypt($self->{records}->[$i], $accts[$i], $pass);

$self->{records}->[$i]->{plaintext} = $accts[$i];

$self->Encrypt($self->{records}->[$i], $pass);

}

$self->{options}->{v4compatible} = $v4compat;

return $self->_password_verify($pass);

}

sub _password_verify {

my $self = shift;

my $pass = shift;

if (!defined $pass) {

$pass = $self->{password};

}

if ( !$pass ) {

croak("Password not set!\n");

}

if (defined $self->{password} && $pass eq $self->{password}) {

# already verified this password

return 1;

}

if ($self->{version} == 4) {

# AFAIK the thing we use to test the password is

_password_verify_v4($pass, $self->{encpassword});

# always in the first entry

my $valid = _password_verify_v4($pass, $self->{records}->[0]->{data});

# May as well generate the keys we need now, since we know the password is right

# May as well generate the keys we need now,

if ($valid) {

# since we know the password is right

$self->{digest} = _calc_keys($pass);

if ($self->{digest} ) {

$self->{password} = $pass;

return 1;

}

} elsif ($self->{version} == 5) {

return _password_verify_v5($self->{appinfo}, $pass);

_password_verify_v5($self->{appinfo}, $pass);

} else {

$self->{password} = $pass;

# XXX unsupported version

return 1;

}

return;

croak "Unsupported Version $self->{version}";

}

sub _password_verify_v4

Line 812

Line 921

my $pass = shift;

my $data = shift;

if (! $pass) { croak('No password specified!'); };

if (! $pass) { croak('No password specified!'); }

if (! $data) { croak('No encrypted password in file!'); }

# XXX die "No encrypted password in file!" unless defined $data;

if ( ! defined $data) { return; };

$data =~ s/$NULL$//xm;

my $salt = substr $data, 0, $kSalt_Size;

Line 827

Line 934

my $digest = md5($msg);

if ($data ne $salt . $digest ) {

return;

croak("Incorrect Password!");

}

return 1;

Line 854

Line 961

#print "Hash: '". $hash . "'\n";

#print "Hash: '". $appinfo->{masterhash} . "'\n";

if ($appinfo->{masterhash} eq $hash) {

if ($appinfo->{masterhash} ne $hash) {

$appinfo->{key} = $key;

croak("Incorrect Password!");

} else {

return;

}

return $key;

$appinfo->{key} = $key;

return 1;

}

Line 876

Line 982

if ($self->{version} == 4) {

my $data = _password_update_v4($pass, @_);

if (! $data) {

if (! $data) { croak "Failed to update password!"; }

carp("Failed to update password!");

return;

}

# AFAIK the thing we use to test the password is

# always in the first entry

$self->{records}->[0]->{data} = $data;

$self->{encpassword} = $data;

$self->{password} = $pass;

$self->{digest} = _calc_keys( $self->{password} );

Line 898

Line 1001

$self->{appinfo}, $pass, $cipher, $iter, $salt

);

if (! $hash) {

if (! $hash) { croak "Failed to update password!"; }

carp("Failed to update password!");

return;

}

$self->{password} = $pass;

return 1;

} else {

croak("Unsupported version ($self->{version})");

}

return;

croak "Unsupported Version $self->{version}";

}

sub _password_update_v4

Line 964

Line 1064

return $key;

}

sub Unlock

{

my $self = shift;

my ($pass) = @_;

$pass ||= $self->{password};

$self->_password_verify($pass);

foreach my $rec (@{ $self->{records} }) {

$self->Decrypt($rec);

}

return 1;

}

sub Lock

{

my $self = shift;

$self->Password();

foreach my $rec (@{ $self->{records} }) {

my $name = $rec->{plaintext}->{0};

delete $rec->{plaintext};

$rec->{plaintext}->{0} = $name;

}

return 1;

}

# Helpers

sub _calc_keys

{

require Digest::MD5;

import Digest::MD5 qw(md5);

my $pass = shift;

if (! defined $pass) { croak('No password defined!'); };

Line 1062

Line 1196

{

my $field = shift;

my @labels;

my ($len) = unpack "n", $field;

$labels[0] = 'name';

$labels[1] = 'account';

$labels[2] = 'password';

$labels[3] = 'lastchange';

$labels[255] = 'notes';

my ($len) = unpack "n1", $field;

if ($len + 4 > length $field) {

return undef, $field;

return (undef, $field);

}

my $unpackstr = "x2 C1 C1 A$len";

my $offset = 2 +1 +1 +$len;

if ($len % 2) { # && $len + 4 < length $field) {

if ($len % 2) {

# trim the 0/1 byte padding for next even address.

$offset++;

$unpackstr .= ' x'

Line 1084

Line 1211

my ($label, $font, $data) = unpack $unpackstr, $field;

my $leftover = substr $field, $offset;

if ($label && $label == 3) {

my $label_id = $label;

my $l = labels($label);

if ($l) {

$label = $l->{name} || $l->{id};

$label_id = $l->{id};

}

if ($label_id && $label_id == 3) {

($data) = substr $field, 4, $len;

$data = _parse_keyring_date($data);

}

return {

#len => $len,

label => $labels[ $label ] || $label,

label => $label,

label_id => $label,

label_id => $label_id,

font => $font,

data => $data,

}, $leftover;

Line 1100

Line 1235

{

my $field = shift;

my %labels = (

name => 0,

account => 1,

password => 2,

lastchange => 3,

notes => 255,

);

my $packed;

if (defined $field) {

my $label = $field->{label_id} || 0;

if (defined $field->{label} && ! $label) {

$label = $labels{ $field->{label} };

$label = $field->{label};

}

my $l = labels($field->{label});

if ($l) {

$label = $l->{id};

}

my $font = $field->{font} || 0;

my $data = defined $field->{data} ? $field->{data} : $EMPTY;

Line 1163

Line 1296

$year -= 4;

$month++;

return pack 'n', $day | ($month << 5) | ($year << 9);

return pack 'n*', $day | ($month << 5) | ($year << 9);

}

Line 1174

Line 1307

my $maxlines = shift; # Max # of lines to dump

my $offset; # Offset of current chunk

my @lines;

for ($offset = 0; $offset < length($data); $offset += 16)

{

my $hex; # Hex values of the data

Line 1188

Line 1323

($ascii = $chunk) =~ y/\040-\176/./c;

printf "%s %-48s|%-16s|\n", $prefix, $hex, $ascii;

push @lines, sprintf "%s %-48s|%-16s|\n", $prefix, $hex, $ascii;

}

return wantarray ? @lines : \@lines;

}

sub _bindump

Line 1199

Line 1335

my $maxlines = shift; # Max # of lines to dump

my $offset; # Offset of current chunk

my @lines;

for ($offset = 0; $offset < length($data); $offset += 8)

{

my $bin; # binary values of the data

Line 1213

Line 1351

($ascii = $chunk) =~ y/\040-\176/./c;

printf "%s %-72s|%-8s|\n", $prefix, $bin, $ascii;

push @lines, sprintf "%s %-72s|%-8s|\n", $prefix, $bin, $ascii;

}

return wantarray ? @lines : \@lines;

}

# Thanks to Jochen Hoenicke <hoenicke@gmail.com>

Line 1226

Line 1365

# keylen is length of generated key in bytes

# prf is the pseudo random function (e.g. hmac_sha1)

# returns the key.

sub _pbkdf2($$$$$)

sub _pbkdf2

{

my ($password, $salt, $iter, $keylen, $prf) = @_;

my ($k, $t, $u, $ui, $i);

Line 1242

Line 1381

return substr($t, 0, $keylen);

}

sub _DES_odd_parity($) {

sub _DES_odd_parity {

my $key = $_[0];

my ($r, $i);

my @odd_parity = (

Line 1280

Line 1419

parses Keyring for Palm OS databases. See

L<http://gnukeyring.sourceforge.net/>.

It has the standard Palm::PDB methods with 2 additional public methods.

It has the standard Palm::PDB methods with 4 additional public methods.

Decrypt and Encrypt.

Unlock, Lock, Decrypt and Encrypt.

It currently supports the v4 Keyring databases as well as

the pre-release v5 databases. I am not completely happy with the interface

the pre-release v5 databases.

for accessing v5 databases, so any suggestions on improvements on

the interface are appreciated.

This module doesn't store the decrypted content. It only keeps it until it

returns it to you or encrypts it.

=head1 SYNOPSIS

use Palm::PDB;

Line 1301

Line 1435

my $pdb = new Palm::PDB;

$pdb->Load($file);

foreach (0..$#{ $pdb->{records} }) {

$pdb->Unlock($pass);

# skip the password record for version 4 databases

foreach my $rec (@{ $pdb->{records} }) {

next if $_ == 0 && $pdb->{version} == 4;

print $rec->{plaintext}->{0}->{data}, ' - ',

my $rec = $pdb->{records}->[$_];

$rec->{plaintext}->{1}->{data}, "\n";

my $acct = $pdb->Decrypt($rec, $pass);

print $rec->{name}, ' - ';

if ($pdb->{version} == 4 || $pdb->{options}->{v4compatible}) {

print ' - ', $acct->{account};

} else {

foreach my $a (@{ $acct }) {

if ($a->{label} eq 'account') {

print ' - ', $a->{data};

last;

}

print "\n";

}

$pdb->Lock();

=head1 SUBROUTINES/METHODS

=head2 new

$pdb = new Palm::Keyring([$password[, $version]]);

$pdb = new Palm::Keyring([$password[, $version[, $cipher]]]);

Create a new PDB, initialized with the various Palm::Keyring fields

and an empty record list.

Line 1332

Line 1454

Use this method if you're creating a Keyring PDB from scratch otherwise you

can just use Palm::PDB::new() before calling Load().

If you pass in a password, it will initalize the first record with the encrypted

If you pass in a password, it will initalize the database with the encrypted

password.

new() now also takes options in other formats

Line 1354

Line 1476

The version of database to create. Accepts either 4 or 5. Currently defaults to 4.

=item v4compatible

The format of the fields passed to Encrypt and returned from Decrypt have changed.

This allows programs to use the newer databases with few changes but with less features.

=item cipher

The cipher to use. Either the number or the name.

The cipher to use. Either the number or the name. Only used by v5 datbases.

0 => None

1 => DES_EDE3

Line 1370

Line 1487

=item iterations

The number of iterations to encrypt with.

The number of iterations to encrypt with. Only used by somy crypts in v5 databases.

=item options

=item file

A hashref of the options that are set

The name of a file to Load(). This will override many of the other options.

=back

Line 1411

Line 1528

default_iter => <default iterations for the cipher>,

};

If it is unable to find the crypt it will return undef.

=head2 labels

Pass in the id or the name of the label. The label id is used as a key

to the different parts of the records.

See Encrypt() for details on where the label is used.

This is a function, not a method.

my $l = Palm::Keyring::labels($label);

$l is now:

$l = {

id => 0,

name => 'name',

};

If what you passed in was a number that doesn't have a name, it will return:

$l => {

id => $num_passed_in,

name => undef,

}

If you pass in a name that it can't find, then it returns undef.

=head2 Encrypt

$pdb->Encrypt($rec, $acct[, $password[, $ivec]]);

=head3 B<!!! IMPORTANT !!!> The order of the arguments to Encrypt has

changed. $password and $plaintext used to be swapped. They changed

because you can now set $rec->{plaintext} and not pass in $plaintext so

$password is more important.

$pdb->Encrypt($rec[, $password[, $plaintext[, $ivec]]]);

Encrypts an account into a record, either with the password previously

used, or with a password that is passed.

Line 1423

Line 1573

randomly.

$rec is a record from $pdb->{records} or a new_Record().

The v4 $acct is a hashref in the format below.

$rec->{plaintext} is a hashref in the format below.

my $v4acct = {

$plaintext = {

name => $rec->{name},

0 => {

account => $account,

label => 'name',

password => $password,

label_id => 0,

notes => $notes,

font => 0,

lastchange => {

data => $name,

year => 107, # years since 1900

1 => {

month => 0, # 0-11, 0 = January, 11 = December

label => 'account',

day => 30, # 1-31, same as localtime

label_id => 1,

font => 0,

data => $account,

};

2 => {

label => 'password',

The v5 $acct is an arrayref full of hashrefs that contain each encrypted field.

label_id => 2,

font => 0,

my $v5acct = [

data => $password,

{

'label_id' => 2,

'data' => 'abcd1234',

'label' => 'password',

'font' => 0

{

3 => {

'label_id' => 3,

label => 'lastchange',

'data' => {

label_id => 3,

'month' => 1,

font => 0,

'day' => 11,

data => {

'year' => 107

year => $year, # usually the year - 1900

mon => $mon, # range 0-11

day => $day, # range 1-31

'label' => 'lastchange',

'font' => 0

{

255 => {

'label_id' => 255,

label => 'notes',

'data' => 'This is a short note.',

label_id => 255,

'label' => 'notes',

font => 0,

'font' => 0

data => $notes,

}

];

};

The account name is stored in $rec->{plaintext}->{0}->{data} for both v4

and v5 databases even when the record has not been Decrypt()ed.

The account name is stored in $rec->{name} for both v4 and v5 databases.

$rec->{plaintext}->{0} => {

It is not returned in the decrypted information for v5.

label => 'name',

label_id => 0,

font => 0,

data => 'account name',

};

$rec->{name} = 'account name';

If you have changed anything other than the lastchange, or don't pass in a

lastchange key, Encrypt() will generate a new lastchange date for you.

If you pass in a lastchange field that is different than the one in the

record, it will honor what you passed in.

Encrypt() only uses the $acct->{name} if there is not already a $rec->{name}.

You can either set $rec->{plaintext} or pass in $plaintext. $plaintext

is used over anything in $rec->{plaintext}.

=head2 Decrypt

my $acct = $pdb->Decrypt($rec[, $password]);

my $plaintext = $pdb->Decrypt($rec[, $password]);

Decrypts the record and returns a reference for the account as described

Decrypts the record and returns a reference for the plaintext account as

under Encrypt().

described under Encrypt().

Also sets $rec->{plaintext} with the same information as $plaintext as

described in Encrypt().

foreach (0..$#{ $pdb->{records} }) {

foreach my $rec (@{ $pdb->{records} }) {

next if $_ == 0 && $pdb->{version} == 4;

my $plaintext = $pdb->Decrypt($rec);

my $rec = $pdb->{records}->[$_];

# do something with $plaintext

my $acct = $pdb->Decrypt($rec);

# do something with $acct

}

Line 1512

Line 1665

$pdb->{digest} = the calculated digest used from the key;

$pdb->{password} = the password that was passed in;

$pdb->{encpassword} = the password as stored in the pdb;

For v5

Line 1528

Line 1682

or calculated when setting a new password.

};

=head2 Unlock

$pdb->Unlock([$password]);

Decrypts all the records. Sets $rec->{plaintext} for all records.

This makes it easy to show all decrypted information.

my $pdb = Palm::KeyRing->new();

$pdb->Load($keyring_file);

$pdb->Unlock($password);

foreach my $plaintext (map { $_->{plaintext} } @{ $pdb->{records} }) {

# Do something like display the account.

}

$pdb->Lock();

=head2 Lock

$pdb->Lock();

Unsets $rec->{plaintext} for all records and unsets the saved password.

This does NOT Encrypt() any of the records before clearing them, so if

you are not careful you will lose information.

B<CAVEAT!> This only does "delete $rec->{plaintext}" and the same for the

password. If someone knows of a cross platform reliable way to make

sure that the information is actually cleared from memory I would

appreciate it. Also, if someone knows how to make sure that the stuff

in $rec->{plaintext} is not written to swap, that would be very handy as

well.

=head2 Other overridden subroutines/methods

=over

Line 1557

Line 1743

encrypted => the encrypted information

};

For v4 databases it also removes record 0 and moves the encrypted password

to $self->{encpassword}.

=item PackRecord

Reverses ParseRecord and then sends it through Palm::StdAppInfo::PackRecord()

=item Write

For v4 databases it puts back the record 0 for the encrypted password before

writing it.

=back

=head1 DEPENDENCIES

Line 1589

Line 1783

=head1 THANKS

I would like to thank the helpful Perlmonk shigetsu who gave me some great advice

I would like to thank the helpful Perlmonk shigetsu who gave me some great

and helped me get my first module posted. L<http://perlmonks.org/?node_id=596998>

advice and helped me get my first module posted.

L<http://perlmonks.org/?node_id=596998>

I would also like to thank

Johan Vromans

Line 1612

Line 1807

I am sure there are problems with this module. For example, I have

not done very extensive testing of the v5 databases.

I am not very happy with the data structures used by Encrypt() and

I am not sure I am 'require module' the best way, but I don't want to

Decrypt() for v5 databases, but I am not sure of a better way.

depend on modules that you don't need to use.

The v4 compatibility mode does not insert a fake record 0 where

normally the encrypted password is stored.

The date validation for packing new dates is very poor.

I have not gone through and standardized on how the module fails. Some

things fail with croak, some return undef, some may even fail silently.

Nothing initializes a lasterr method or anything like that. I need

Nothing initializes a lasterr method or anything like that.

to fix all that before it is a 1.0 candidate.

This module does not do anything special with the plaintext data. It SHOULD

treat it somehow special so that it can't be found in RAM or in a swap file

anywhere. I don't have a clue how to do this.

I need to fix all this before it is a 1.0 candidate.

Please report any bugs or feature requests to

C<bug-palm-keyring at rt.cpan.org>, or through the web interface at

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>