palm/Palm-Keyring/lib/Palm/Keyring.pm - diff

Return to Keyring.pm CVS log

Up to [local] / palm / Palm-Keyring / lib / Palm

Diff for /palm/Palm-Keyring/lib/Palm/Keyring.pm between version 1.48 and 1.64

version 1.48, 2007/09/12 03:44:36

version 1.64, 2011/09/19 04:05:11

Line 1

package Palm::Keyring;

# $RedRiver: Keyring.pm,v 1.47 2007/09/12 00:30:10 andrew Exp $

# $RedRiver: Keyring.pm,v 1.61 2008/09/19 05:55:35 andrew Exp $

########################################################################

# Keyring.pm *** Perl class for Keyring for Palm OS databases.

Line 15

use strict;

use warnings;

require 5.006_001;

use Carp;

use base qw/ Palm::StdAppInfo /;

Line 57

Line 59

blocksize => 16,

default_iter => 250,

{

alias => 'TESTING',

name => 'Testing',

keylen => 8,

blocksize => 1,

default_iter => 1,

);

my %LABELS = (

Line 83

Line 92

);

our $VERSION = '0.96_01';

our $VERSION = '0.96_07';

sub new

{

Line 108

Line 117

else {

$options->{password} = shift;

$options->{version} = shift;

$options->{cipher} = shift;

}

Line 139

Line 149

$self->{appinfo}->{iter} ||= $self->{options}->{iterations};

};

if ( defined $options->{file} ) {

$self->Load($options->{file});

}

if ( defined $options->{password} ) {

$self->Password($options->{password});

}

Line 217

Line 231

}

my $rc = $self->SUPER::Write(@_);

my @rc = $self->SUPER::Write(@_);

if ($self->{version} == 4) {

shift @{ $self->{records} };

}

return $rc;

return @rc;

}

# ParseRecord

Line 233

Line 247

my $self = shift;

my $rec = $self->SUPER::ParseRecord(@_);

return $rec if ! exists $rec->{data};

return $rec if !(defined $rec->{data} && length $rec->{data} );

if ($self->{version} == 4) {

# skip the first record because it contains the password.

Line 241

Line 255

$self->{encpassword} = $rec->{data};

return '__DELETE_ME__';

}

if ($self->{records}->[0] eq '__DELETE_ME__') {

shift @{ $self->{records} };

}

Line 270

Line 284

$rec->{encrypted} = substr $extra, $blocksize;

} else {

# XXX Can never get here to test, ParseAppInfoBlock is always run

# XXX first by Load().

croak "Unsupported Version $self->{version}";

return;

}

return $rec;

Line 288

Line 303

if ($rec->{encrypted}) {

my $name = $rec->{plaintext}->{0}->{data} || $EMPTY;

$rec->{data} = join $NULL, $name, $rec->{encrypted};

delete $rec->{plaintext};

delete $rec->{encrypted};

}

} elsif ($self->{version} == 5) {

croak 'No encrypted data in record' if !defined $rec->{encrypted};

croak 'No ivec!' if !$rec->{ivec};

my $field;

if ($rec->{plaintext}->{0}) {

$field = $rec->{plaintext}->{0};

Line 311

Line 327

} else {

croak "Unsupported Version $self->{version}";

}

# XXX Should I?

#delete $rec->{plaintext};

#delete $rec->{encrypted};

croak 'No data in record to pack' if !$rec->{data};

return $self->SUPER::PackRecord($rec, @_);

}

Line 338

Line 359

# Nothing extra for version 4

} elsif ($self->{version} == 5) {

_parse_appinfo_v5($appinfo) || return;

_parse_appinfo_v5($appinfo);

} else {

croak "Unsupported Version $self->{version}";

Line 351

Line 372

{

my $appinfo = shift;

if (! exists $appinfo->{other}) {

croak 'Corrupt appinfo? no {other}' if ! $appinfo->{other};

# XXX Corrupt appinfo?

return;

}

my $unpackstr

= ("C1" x 8) # 8 uint8s in an array for the salt

Line 421

Line 439

sub Encrypt

{

my $self = shift;

my $rec = shift;

my $rec = shift || croak('Needed parameter [record] not passed!');

my $pass = shift || $self->{password};

my $data = shift || $rec->{plaintext};

my $ivec = shift;

if ( ! $pass && ! $self->{appinfo}->{key}) {

$self->_password_verify($pass);

croak("password not set!\n");

}

if ( ! $rec) {

if ( !$data ) { croak('Needed parameter [plaintext] not passed!'); }

croak("Needed parameter 'record' not passed!\n");

}

if ( ! $data) {

croak("Needed 'plaintext' not passed!\n");

}

if ( $pass && ! $self->Password($pass)) {

croak("Incorrect Password!\n");

}

my $acct;

if ($rec->{encrypted}) {

$acct = $self->Decrypt($rec, $pass);

Line 473

Line 479

$self->{appinfo}->{cipher},

$ivec,

);

if (defined $ivec) {

$rec->{ivec} = $ivec if $ivec;

$rec->{ivec} = $ivec;

}

} else {

croak "Unsupported Version $self->{version}";

Line 483

Line 487

$rec->{plaintext}->{0} = $data->{0};

if ($encrypted) {

if ($encrypted ne '1') {

if ($encrypted eq '1') {

return 1;

}

$rec->{attributes}{Dirty} = 1;

$rec->{attributes}{dirty} = 1;

$rec->{encrypted} = $encrypted;

return 1;

} else {

return;

}

return 1;

}

sub _encrypt_v4

Line 578

Line 576

my $c = crypts($cipher) or croak('Unknown cipher ' . $cipher);

if (! defined $ivec) {

$ivec = pack("C*",map {rand(256)} 1..$c->{blocksize});

if (!$c->{blocksize}) {

$ivec = $EMPTY;

}

else {

while (! $ivec) {

$ivec = pack("C*",map {rand(256)} 1..$c->{blocksize});

}

my $changed = 0;

Line 586

Line 591

if ($new->{3}->{data}) {

$need_newdate = 0;

}

foreach my $k (keys %{ $new }) {

if (! $old) {

$changed = 1;

} elsif ($k == 3) {

if ($old && (

$new->{$k}{data}{day} == $old->{$k}{data}{day} &&

$new->{$k}{data}{month} == $old->{$k}{data}{month} &&

$new->{$k}{data}{year} == $old->{$k}{data}{year}

)) {

$changed = 1;

$need_newdate = 1;

}

} else {

if ($old) {

my $n = join ':', sort %{ $new->{$k} };

foreach my $k (keys %{ $new }) {

my $o = join ':', sort %{ $old->{$k} };

if (! $old->{$k} ) {

if ($n ne $o) {

$changed = 1;

last;

}

if (! $new->{$k}) {

$changed = 1;

last;

}

elsif ($k == 3) {

if (! $new->{$k}->{data} && $old->{$k}->{data} ) {

$changed = 1;

last;

}

my %n = %{ $new->{$k}->{data} };

my %o = %{ $old->{$k}->{data} };

foreach (qw( day month year )) {

$n{$_} ||= 0;

$o{$_} ||= 0;

}

if (

$n{day} == $o{day} &&

$n{month} == $o{month} &&

$n{year} == $o{year}

) {

$need_newdate = 1;

}

else {

$changed = 1;

last;

}

else {

my $n = join ':', sort %{ $new->{$k} };

my $o = join ':', sort %{ $old->{$k} };

if ($n ne $o) {

$changed = 1;

last;

}

else {

$changed = 1;

}

return 1, 0 if $changed == 0;

return 1 if $changed == 0;

if ($need_newdate) {

my ($day, $month, $year) = (localtime)[3,4,5];

Line 631

Line 666

my $plaintext;

foreach my $k (keys %{ $new }) {

next if $new->{$k}->{label_id} == 0;

$plaintext .= _pack_field($new->{$k});

}

$plaintext .= chr(0xff) x 2;

my $encrypted;

if ($c->{name} eq 'None') {

Line 650

Line 687

-blocksize => $c->{blocksize},

-header => 'none',

-padding => 'oneandzeroes',

);

) || croak("Unable to set up encryption!");

if (! $c) {

croak("Unable to set up encryption!");

}

$encrypted = $cbc->encrypt($plaintext);

} else {

Line 673

Line 706

my $rec = shift;

my $pass = shift || $self->{password};

if ( ! $pass && ! $self->{appinfo}->{key}) {

if ( ! $rec) { croak('Needed parameter [record] not passed!'); }

croak("password not set!\n");

if ( ! $rec->{encrypted} ) { croak('No encrypted content!'); }

}

if ( ! $rec) {

$self->_password_verify($pass);

croak("Needed parameter 'record' not passed!\n");

}

if ( $pass && ! $self->Password($pass)) {

croak("Invalid Password!\n");

}

if ( ! $rec->{encrypted} ) {

croak("No encrypted content!");

}

my $plaintext;

if ($self->{version} == 4) {

$self->{digest} ||= _calc_keys( $pass );

Line 788

Line 810

-blocksize => $c->{blocksize},

-header => 'none',

-padding => 'oneandzeroes',

);

) || croak("Unable to set up encryption!");

if (! $c) {

croak("Unable to set up encryption!");

}

my $len = $c->{blocksize} - length($encrypted) % $c->{blocksize};

$encrypted .= $NULL x $len;

$plaintext = $cbc->decrypt($encrypted);

Line 857

Line 876

}

return $self->_password_verify($pass);

}

sub _password_verify {

my $self = shift;

my $pass = shift;

if (!defined $pass) {

$pass = $self->{password};

}

if ( !$pass ) {

croak("Password not set!\n");

}

if (defined $self->{password} && $pass eq $self->{password}) {

# already verified this password

return 1;

}

if ($self->{version} == 4) {

my $valid = _password_verify_v4($pass, $self->{encpassword});

_password_verify_v4($pass, $self->{encpassword});

# May as well generate the keys we need now,

# since we know the password is right

if ($valid) {

$self->{digest} = _calc_keys($pass);

$self->{password} = $pass;

if ($self->{digest} ) {

return 1;

$self->{password} = $pass;

return 1;

}

} elsif ($self->{version} == 5) {

return _password_verify_v5($self->{appinfo}, $pass);

_password_verify_v5($self->{appinfo}, $pass);

} else {

$self->{password} = $pass;

croak "Unsupported version $self->{version}";

return 1;

}

return;

croak "Unsupported Version $self->{version}";

}

sub _password_verify_v4

Line 891

Line 921

my $pass = shift;

my $data = shift;

if (! $pass) { croak('No password specified!'); };

if (! $pass) { croak('No password specified!'); }

if (! $data) { croak('No encrypted password in file!'); }

# XXX die "No encrypted password in file!" unless defined $data;

if ( ! defined $data) { return; };

$data =~ s/$NULL$//xm;

my $salt = substr $data, 0, $kSalt_Size;

Line 906

Line 934

my $digest = md5($msg);

if ($data ne $salt . $digest ) {

return;

croak("Incorrect Password!");

}

return 1;

Line 933

Line 961

#print "Hash: '". $hash . "'\n";

#print "Hash: '". $appinfo->{masterhash} . "'\n";

if ($appinfo->{masterhash} eq $hash) {

if ($appinfo->{masterhash} ne $hash) {

$appinfo->{key} = $key;

croak("Incorrect Password!");

} else {

return;

}

return $key;

$appinfo->{key} = $key;

return 1;

}

Line 955

Line 982

if ($self->{version} == 4) {

my $data = _password_update_v4($pass, @_);

if (! $data) {

if (! $data) { croak "Failed to update password!"; }

carp("Failed to update password!");

return;

}

# AFAIK the thing we use to test the password is

# always in the first entry

Line 977

Line 1001

$self->{appinfo}, $pass, $cipher, $iter, $salt

);

if (! $hash) {

if (! $hash) { croak "Failed to update password!"; }

carp("Failed to update password!");

return;

}

$self->{password} = $pass;

return 1;

} else {

croak("Unsupported version ($self->{version})");

}

return;

croak "Unsupported Version $self->{version}";

}

sub _password_update_v4

Line 1049

Line 1070

my ($pass) = @_;

$pass ||= $self->{password};

if ( $pass && ! $self->Password($pass)) {

$self->_password_verify($pass);

croak("Invalid Password!\n");

}

foreach my $rec (@{ $self->{records} }) {

$self->Decrypt($rec);

Line 1080

Line 1099

sub _calc_keys

{

require Digest::MD5;

import Digest::MD5 qw(md5);

my $pass = shift;

if (! defined $pass) { croak('No password defined!'); };

Line 1176

Line 1198

my ($len) = unpack "n", $field;

if ($len + 4 > length $field) {

return undef, $field;

return (undef, $field);

}

my $unpackstr = "x2 C1 C1 A$len";

my $offset = 2 +1 +1 +$len;

Line 1285

Line 1307

my $maxlines = shift; # Max # of lines to dump

my $offset; # Offset of current chunk

my @lines;

for ($offset = 0; $offset < length($data); $offset += 16)

{

my $hex; # Hex values of the data

Line 1299

Line 1323

($ascii = $chunk) =~ y/\040-\176/./c;

printf "%s %-48s|%-16s|\n", $prefix, $hex, $ascii;

push @lines, sprintf "%s %-48s|%-16s|\n", $prefix, $hex, $ascii;

}

return wantarray ? @lines : \@lines;

}

sub _bindump

Line 1310

Line 1335

my $maxlines = shift; # Max # of lines to dump

my $offset; # Offset of current chunk

my @lines;

for ($offset = 0; $offset < length($data); $offset += 8)

{

my $bin; # binary values of the data

Line 1324

Line 1351

($ascii = $chunk) =~ y/\040-\176/./c;

printf "%s %-72s|%-8s|\n", $prefix, $bin, $ascii;

push @lines, sprintf "%s %-72s|%-8s|\n", $prefix, $bin, $ascii;

}

return wantarray ? @lines : \@lines;

}

# Thanks to Jochen Hoenicke <hoenicke@gmail.com>

Line 1337

Line 1365

# keylen is length of generated key in bytes

# prf is the pseudo random function (e.g. hmac_sha1)

# returns the key.

sub _pbkdf2($$$$$)

sub _pbkdf2

{

my ($password, $salt, $iter, $keylen, $prf) = @_;

my ($k, $t, $u, $ui, $i);

Line 1353

Line 1381

return substr($t, 0, $keylen);

}

sub _DES_odd_parity($) {

sub _DES_odd_parity {

my $key = $_[0];

my ($r, $i);

my @odd_parity = (

Line 1391

Line 1419

parses Keyring for Palm OS databases. See

L<http://gnukeyring.sourceforge.net/>.

It has the standard Palm::PDB methods with 2 additional public methods.

It has the standard Palm::PDB methods with 4 additional public methods.

Decrypt and Encrypt.

Unlock, Lock, Decrypt and Encrypt.

It currently supports the v4 Keyring databases as well as

the pre-release v5 databases. I am not completely happy with the interface

the pre-release v5 databases.

for accessing v5 databases, so any suggestions on improvements on

the interface are appreciated.

This module doesn't store the plaintext content. It only keeps it until it

returns it to you or encrypts it.

=head1 SYNOPSIS

use Palm::PDB;

Line 1412

Line 1435

my $pdb = new Palm::PDB;

$pdb->Load($file);

$pdb->Unlock($pass);

foreach my $rec (@{ $pdb->{records} }) {

my $plaintext = $pdb->Decrypt($rec, $pass);

print $rec->{plaintext}->{0}->{data}, ' - ',

print $plaintext->{0}->{data}, ' - ', $plaintext->{1}->{data}, "\n";

$rec->{plaintext}->{1}->{data}, "\n";

}

$pdb->Lock();

=head1 SUBROUTINES/METHODS

=head2 new

$pdb = new Palm::Keyring([$password[, $version]]);

$pdb = new Palm::Keyring([$password[, $version[, $cipher]]]);

Create a new PDB, initialized with the various Palm::Keyring fields

and an empty record list.

Line 1429

Line 1454

Use this method if you're creating a Keyring PDB from scratch otherwise you

can just use Palm::PDB::new() before calling Load().

If you pass in a password, it will initalize the first record with the encrypted

If you pass in a password, it will initalize the database with the encrypted

password.

new() now also takes options in other formats

Line 1453

Line 1478

=item cipher

The cipher to use. Either the number or the name.

The cipher to use. Either the number or the name. Only used by v5 datbases.

0 => None

1 => DES_EDE3

Line 1462

Line 1487

=item iterations

The number of iterations to encrypt with.

The number of iterations to encrypt with. Only used by somy crypts in v5 databases.

=item options

=item file

A hashref of the options that are set

The name of a file to Load(). This will override many of the other options.

=back

Line 1507

Line 1532

=head2 labels

Pass in the id or the name of the label;

Pass in the id or the name of the label. The label id is used as a key

to the different parts of the records.

See Encrypt() for details on where the label is used.

This is a function, not a method.

Line 1531

Line 1558

=head2 Encrypt

=head3 B<!!! IMPORTANT !!!> The order of the arguments to Encrypt has

changed. $password and $plaintext used to be swapped. They changed

because you can now set $rec->{plaintext} and not pass in $plaintext so

$password is more important.

$pdb->Encrypt($rec[, $password[, $plaintext[, $ivec]]]);

Encrypts an account into a record, either with the password previously

Line 1565

Line 1597

label => 'lastchange',

label_id => 3,

font => 0,

data => $lastchange,

data => {

year => $year, # usually the year - 1900

mon => $mon, # range 0-11

day => $day, # range 1-31

255 => {

label => 'notes',

Line 1575

Line 1611

};

The account name is also stored in $rec->{plaintext}->{0}->{data} for both v4

The account name is stored in $rec->{plaintext}->{0}->{data} for both v4

and v5 databases.

and v5 databases even when the record has not been Decrypt()ed.

$rec->{plaintext}->{0} => {

label => 'name',

Line 1600

Line 1636

my $plaintext = $pdb->Decrypt($rec[, $password]);

Decrypts the record and returns a reference for the plaintext account as

described under L<Encrypt>.

described under Encrypt().

Also sets $rec->{plaintext} with the same information as $plaintext as

described in L<Encrypt>.

described in Encrypt().

foreach my $rec (@{ $pdb->{records} }) {

my $plaintext = $pdb->Decrypt($rec);

Line 1668

Line 1704

Unsets $rec->{plaintext} for all records and unsets the saved password.

This does NOT L<Encrypt> any of the records before clearing them, so if

This does NOT Encrypt() any of the records before clearing them, so if

you are not careful you will lose information.

B<CAVEAT!> This only does "delete $rec->{plaintext}" and the same for the

Line 1774

Line 1810

I am not sure I am 'require module' the best way, but I don't want to

depend on modules that you don't need to use.

I am not very happy with the data structures used by Encrypt() and

Decrypt() for v5 databases, but I am not sure of a better way.

The date validation for packing new dates is very poor.

I have not gone through and standardized on how the module fails. Some

things fail with croak, some return undef, some may even fail silently.

Nothing initializes a lasterr method or anything like that. I need

Nothing initializes a lasterr method or anything like that.

to fix all that before it is a 1.0 candidate.

This module does not do anything special with the plaintext data. It SHOULD

treat it somehow special so that it can't be found in RAM or in a swap file

anywhere. I don't have a clue how to do this.

I need to fix all this before it is a 1.0 candidate.

Please report any bugs or feature requests to

C<bug-palm-keyring at rt.cpan.org>, or through the web interface at

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>