| version 1.55, 2008/09/17 15:47:47 |
version 1.64, 2011/09/19 04:05:11 |
|
|
| package Palm::Keyring; |
package Palm::Keyring; |
| # $RedRiver: Keyring.pm,v 1.54 2007/12/05 05:42:29 andrew Exp $ |
# $RedRiver: Keyring.pm,v 1.61 2008/09/19 05:55:35 andrew Exp $ |
| ######################################################################## |
######################################################################## |
| # Keyring.pm *** Perl class for Keyring for Palm OS databases. |
# Keyring.pm *** Perl class for Keyring for Palm OS databases. |
| # |
# |
|
|
| blocksize => 16, |
blocksize => 16, |
| default_iter => 250, |
default_iter => 250, |
| }, |
}, |
| |
{ |
| |
alias => 'TESTING', |
| |
name => 'Testing', |
| |
keylen => 8, |
| |
blocksize => 1, |
| |
default_iter => 1, |
| |
}, |
| ); |
); |
| |
|
| my %LABELS = ( |
my %LABELS = ( |
|
|
| else { |
else { |
| $options->{password} = shift; |
$options->{password} = shift; |
| $options->{version} = shift; |
$options->{version} = shift; |
| |
$options->{cipher} = shift; |
| } |
} |
| } |
} |
| |
|
|
|
| $self->{appinfo}->{iter} ||= $self->{options}->{iterations}; |
$self->{appinfo}->{iter} ||= $self->{options}->{iterations}; |
| }; |
}; |
| |
|
| |
if ( defined $options->{file} ) { |
| |
$self->Load($options->{file}); |
| |
} |
| |
|
| if ( defined $options->{password} ) { |
if ( defined $options->{password} ) { |
| $self->Password($options->{password}); |
$self->Password($options->{password}); |
| } |
} |
|
|
| } |
} |
| } |
} |
| |
|
| my $rc = $self->SUPER::Write(@_); |
my @rc = $self->SUPER::Write(@_); |
| |
|
| if ($self->{version} == 4) { |
if ($self->{version} == 4) { |
| shift @{ $self->{records} }; |
shift @{ $self->{records} }; |
| } |
} |
| |
|
| return $rc; |
return @rc; |
| } |
} |
| |
|
| # ParseRecord |
# ParseRecord |
|
|
| my $self = shift; |
my $self = shift; |
| |
|
| my $rec = $self->SUPER::ParseRecord(@_); |
my $rec = $self->SUPER::ParseRecord(@_); |
| return $rec if ! exists $rec->{data}; |
return $rec if !(defined $rec->{data} && length $rec->{data} ); |
| |
|
| if ($self->{version} == 4) { |
if ($self->{version} == 4) { |
| # skip the first record because it contains the password. |
# skip the first record because it contains the password. |
|
|
| $self->{encpassword} = $rec->{data}; |
$self->{encpassword} = $rec->{data}; |
| return '__DELETE_ME__'; |
return '__DELETE_ME__'; |
| } |
} |
| |
|
| if ($self->{records}->[0] eq '__DELETE_ME__') { |
if ($self->{records}->[0] eq '__DELETE_ME__') { |
| shift @{ $self->{records} }; |
shift @{ $self->{records} }; |
| } |
} |
|
|
| $rec->{encrypted} = substr $extra, $blocksize; |
$rec->{encrypted} = substr $extra, $blocksize; |
| |
|
| } else { |
} else { |
| |
# XXX Can never get here to test, ParseAppInfoBlock is always run |
| |
# XXX first by Load(). |
| croak "Unsupported Version $self->{version}"; |
croak "Unsupported Version $self->{version}"; |
| return; |
|
| } |
} |
| |
|
| return $rec; |
return $rec; |
|
|
| if ($rec->{encrypted}) { |
if ($rec->{encrypted}) { |
| my $name = $rec->{plaintext}->{0}->{data} || $EMPTY; |
my $name = $rec->{plaintext}->{0}->{data} || $EMPTY; |
| $rec->{data} = join $NULL, $name, $rec->{encrypted}; |
$rec->{data} = join $NULL, $name, $rec->{encrypted}; |
| delete $rec->{plaintext}; |
|
| delete $rec->{encrypted}; |
|
| } |
} |
| |
|
| } elsif ($self->{version} == 5) { |
} elsif ($self->{version} == 5) { |
| |
croak 'No encrypted data in record' if !defined $rec->{encrypted}; |
| |
croak 'No ivec!' if !$rec->{ivec}; |
| |
|
| my $field; |
my $field; |
| if ($rec->{plaintext}->{0}) { |
if ($rec->{plaintext}->{0}) { |
| $field = $rec->{plaintext}->{0}; |
$field = $rec->{plaintext}->{0}; |
|
|
| } else { |
} else { |
| croak "Unsupported Version $self->{version}"; |
croak "Unsupported Version $self->{version}"; |
| } |
} |
| |
# XXX Should I? |
| |
#delete $rec->{plaintext}; |
| |
#delete $rec->{encrypted}; |
| |
|
| |
croak 'No data in record to pack' if !$rec->{data}; |
| |
|
| return $self->SUPER::PackRecord($rec, @_); |
return $self->SUPER::PackRecord($rec, @_); |
| } |
} |
| |
|
|
|
| # Nothing extra for version 4 |
# Nothing extra for version 4 |
| |
|
| } elsif ($self->{version} == 5) { |
} elsif ($self->{version} == 5) { |
| _parse_appinfo_v5($appinfo) || return; |
_parse_appinfo_v5($appinfo); |
| |
|
| } else { |
} else { |
| croak "Unsupported Version $self->{version}"; |
croak "Unsupported Version $self->{version}"; |
|
|
| { |
{ |
| my $appinfo = shift; |
my $appinfo = shift; |
| |
|
| if (! exists $appinfo->{other}) { |
croak 'Corrupt appinfo? no {other}' if ! $appinfo->{other}; |
| # XXX Corrupt appinfo? |
|
| return; |
|
| } |
|
| |
|
| my $unpackstr |
my $unpackstr |
| = ("C1" x 8) # 8 uint8s in an array for the salt |
= ("C1" x 8) # 8 uint8s in an array for the salt |
|
|
| sub Encrypt |
sub Encrypt |
| { |
{ |
| my $self = shift; |
my $self = shift; |
| my $rec = shift; |
my $rec = shift || croak('Needed parameter [record] not passed!'); |
| my $pass = shift || $self->{password}; |
my $pass = shift || $self->{password}; |
| my $data = shift || $rec->{plaintext}; |
my $data = shift || $rec->{plaintext}; |
| my $ivec = shift; |
my $ivec = shift; |
| |
|
| if ( ! $pass && ! $self->{appinfo}->{key}) { |
$self->_password_verify($pass); |
| croak("password not set!\n"); |
|
| } |
|
| |
|
| if ( ! $rec) { |
if ( !$data ) { croak('Needed parameter [plaintext] not passed!'); } |
| croak("Needed parameter 'record' not passed!\n"); |
|
| } |
|
| |
|
| if ( ! $data) { |
|
| croak("Needed 'plaintext' not passed!\n"); |
|
| } |
|
| |
|
| if ( $pass && ! $self->Password($pass)) { |
|
| croak("Incorrect Password!\n"); |
|
| } |
|
| |
|
| my $acct; |
my $acct; |
| if ($rec->{encrypted}) { |
if ($rec->{encrypted}) { |
| $acct = $self->Decrypt($rec, $pass); |
$acct = $self->Decrypt($rec, $pass); |
|
|
| $self->{appinfo}->{cipher}, |
$self->{appinfo}->{cipher}, |
| $ivec, |
$ivec, |
| ); |
); |
| if (defined $ivec) { |
$rec->{ivec} = $ivec if $ivec; |
| $rec->{ivec} = $ivec; |
|
| } |
|
| |
|
| } else { |
} else { |
| croak "Unsupported Version $self->{version}"; |
croak "Unsupported Version $self->{version}"; |
|
|
| |
|
| $rec->{plaintext}->{0} = $data->{0}; |
$rec->{plaintext}->{0} = $data->{0}; |
| |
|
| if ($encrypted) { |
if ($encrypted ne '1') { |
| if ($encrypted eq '1') { |
|
| return 1; |
|
| } |
|
| |
|
| $rec->{attributes}{Dirty} = 1; |
$rec->{attributes}{Dirty} = 1; |
| $rec->{attributes}{dirty} = 1; |
$rec->{attributes}{dirty} = 1; |
| $rec->{encrypted} = $encrypted; |
$rec->{encrypted} = $encrypted; |
| |
|
| return 1; |
|
| } else { |
|
| return; |
|
| } |
} |
| |
|
| |
return 1; |
| } |
} |
| |
|
| sub _encrypt_v4 |
sub _encrypt_v4 |
|
|
| my $c = crypts($cipher) or croak('Unknown cipher ' . $cipher); |
my $c = crypts($cipher) or croak('Unknown cipher ' . $cipher); |
| |
|
| if (! defined $ivec) { |
if (! defined $ivec) { |
| $ivec = pack("C*",map {rand(256)} 1..$c->{blocksize}); |
if (!$c->{blocksize}) { |
| |
$ivec = $EMPTY; |
| |
} |
| |
else { |
| |
while (! $ivec) { |
| |
$ivec = pack("C*",map {rand(256)} 1..$c->{blocksize}); |
| |
} |
| |
} |
| } |
} |
| |
|
| my $changed = 0; |
my $changed = 0; |
|
|
| if ($new->{3}->{data}) { |
if ($new->{3}->{data}) { |
| $need_newdate = 0; |
$need_newdate = 0; |
| } |
} |
| foreach my $k (keys %{ $new }) { |
|
| if (! $old) { |
|
| $changed = 1; |
|
| } elsif ($k == 3) { |
|
| if ($old && ( |
|
| $new->{$k}{data}{day} == $old->{$k}{data}{day} && |
|
| $new->{$k}{data}{month} == $old->{$k}{data}{month} && |
|
| $new->{$k}{data}{year} == $old->{$k}{data}{year} |
|
| )) { |
|
| $changed = 1; |
|
| $need_newdate = 1; |
|
| } |
|
| |
|
| } else { |
if ($old) { |
| my $n = join ':', sort %{ $new->{$k} }; |
foreach my $k (keys %{ $new }) { |
| my $o = join ':', sort %{ $old->{$k} }; |
if (! $old->{$k} ) { |
| if ($n ne $o) { |
|
| $changed = 1; |
$changed = 1; |
| |
last; |
| |
} |
| |
if (! $new->{$k}) { |
| |
$changed = 1; |
| |
last; |
| } |
} |
| |
elsif ($k == 3) { |
| |
if (! $new->{$k}->{data} && $old->{$k}->{data} ) { |
| |
$changed = 1; |
| |
last; |
| |
} |
| |
|
| |
my %n = %{ $new->{$k}->{data} }; |
| |
my %o = %{ $old->{$k}->{data} }; |
| |
|
| |
foreach (qw( day month year )) { |
| |
$n{$_} ||= 0; |
| |
$o{$_} ||= 0; |
| |
} |
| |
|
| |
if ( |
| |
$n{day} == $o{day} && |
| |
$n{month} == $o{month} && |
| |
$n{year} == $o{year} |
| |
) { |
| |
$need_newdate = 1; |
| |
} |
| |
else { |
| |
$changed = 1; |
| |
last; |
| |
} |
| |
|
| |
} |
| |
else { |
| |
my $n = join ':', sort %{ $new->{$k} }; |
| |
my $o = join ':', sort %{ $old->{$k} }; |
| |
if ($n ne $o) { |
| |
$changed = 1; |
| |
last; |
| |
} |
| |
} |
| } |
} |
| } |
} |
| |
else { |
| |
$changed = 1; |
| |
} |
| |
|
| return 1, 0 if $changed == 0; |
return 1 if $changed == 0; |
| |
|
| if ($need_newdate) { |
if ($need_newdate) { |
| my ($day, $month, $year) = (localtime)[3,4,5]; |
my ($day, $month, $year) = (localtime)[3,4,5]; |
|
|
| -blocksize => $c->{blocksize}, |
-blocksize => $c->{blocksize}, |
| -header => 'none', |
-header => 'none', |
| -padding => 'oneandzeroes', |
-padding => 'oneandzeroes', |
| ); |
) || croak("Unable to set up encryption!"); |
| |
|
| if (! $c) { |
|
| croak("Unable to set up encryption!"); |
|
| } |
|
| |
|
| $encrypted = $cbc->encrypt($plaintext); |
$encrypted = $cbc->encrypt($plaintext); |
| |
|
| } else { |
} else { |
|
|
| my $rec = shift; |
my $rec = shift; |
| my $pass = shift || $self->{password}; |
my $pass = shift || $self->{password}; |
| |
|
| if ( ! $pass && ! $self->{appinfo}->{key}) { |
if ( ! $rec) { croak('Needed parameter [record] not passed!'); } |
| croak("password not set!\n"); |
if ( ! $rec->{encrypted} ) { croak('No encrypted content!'); } |
| } |
|
| |
|
| if ( ! $rec) { |
$self->_password_verify($pass); |
| croak("Needed parameter 'record' not passed!\n"); |
|
| } |
|
| |
|
| if ( $pass && ! $self->Password($pass)) { |
|
| croak("Invalid Password!\n"); |
|
| } |
|
| |
|
| if ( ! $rec->{encrypted} ) { |
|
| croak("No encrypted content!"); |
|
| } |
|
| |
|
| my $plaintext; |
my $plaintext; |
| if ($self->{version} == 4) { |
if ($self->{version} == 4) { |
| $self->{digest} ||= _calc_keys( $pass ); |
$self->{digest} ||= _calc_keys( $pass ); |
|
|
| -blocksize => $c->{blocksize}, |
-blocksize => $c->{blocksize}, |
| -header => 'none', |
-header => 'none', |
| -padding => 'oneandzeroes', |
-padding => 'oneandzeroes', |
| ); |
) || croak("Unable to set up encryption!"); |
| |
|
| if (! $c) { |
|
| croak("Unable to set up encryption!"); |
|
| } |
|
| my $len = $c->{blocksize} - length($encrypted) % $c->{blocksize}; |
my $len = $c->{blocksize} - length($encrypted) % $c->{blocksize}; |
| $encrypted .= $NULL x $len; |
$encrypted .= $NULL x $len; |
| $plaintext = $cbc->decrypt($encrypted); |
$plaintext = $cbc->decrypt($encrypted); |
|
|
| } |
} |
| } |
} |
| |
|
| |
return $self->_password_verify($pass); |
| |
} |
| |
|
| |
sub _password_verify { |
| |
my $self = shift; |
| |
my $pass = shift; |
| |
if (!defined $pass) { |
| |
$pass = $self->{password}; |
| |
} |
| |
|
| |
if ( !$pass ) { |
| |
croak("Password not set!\n"); |
| |
} |
| |
|
| if (defined $self->{password} && $pass eq $self->{password}) { |
if (defined $self->{password} && $pass eq $self->{password}) { |
| # already verified this password |
# already verified this password |
| return 1; |
return 1; |
| } |
} |
| |
|
| if ($self->{version} == 4) { |
if ($self->{version} == 4) { |
| my $valid = _password_verify_v4($pass, $self->{encpassword}); |
_password_verify_v4($pass, $self->{encpassword}); |
| |
|
| # May as well generate the keys we need now, |
# May as well generate the keys we need now, |
| # since we know the password is right |
# since we know the password is right |
| if ($valid) { |
$self->{digest} = _calc_keys($pass); |
| $self->{digest} = _calc_keys($pass); |
$self->{password} = $pass; |
| if ($self->{digest} ) { |
return 1; |
| $self->{password} = $pass; |
|
| return 1; |
|
| } |
|
| } |
|
| } elsif ($self->{version} == 5) { |
} elsif ($self->{version} == 5) { |
| return _password_verify_v5($self->{appinfo}, $pass); |
_password_verify_v5($self->{appinfo}, $pass); |
| } else { |
$self->{password} = $pass; |
| croak "Unsupported version $self->{version}"; |
return 1; |
| } |
} |
| |
|
| return; |
croak "Unsupported Version $self->{version}"; |
| } |
} |
| |
|
| sub _password_verify_v4 |
sub _password_verify_v4 |
|
|
| my $pass = shift; |
my $pass = shift; |
| my $data = shift; |
my $data = shift; |
| |
|
| if (! $pass) { croak('No password specified!'); }; |
if (! $pass) { croak('No password specified!'); } |
| |
if (! $data) { croak('No encrypted password in file!'); } |
| |
|
| # XXX die "No encrypted password in file!" unless defined $data; |
|
| if ( ! defined $data) { return; }; |
|
| |
|
| $data =~ s/$NULL$//xm; |
$data =~ s/$NULL$//xm; |
| |
|
| my $salt = substr $data, 0, $kSalt_Size; |
my $salt = substr $data, 0, $kSalt_Size; |
|
|
| my $digest = md5($msg); |
my $digest = md5($msg); |
| |
|
| if ($data ne $salt . $digest ) { |
if ($data ne $salt . $digest ) { |
| return; |
croak("Incorrect Password!"); |
| } |
} |
| |
|
| return 1; |
return 1; |
|
|
| #print "Hash: '". $hash . "'\n"; |
#print "Hash: '". $hash . "'\n"; |
| #print "Hash: '". $appinfo->{masterhash} . "'\n"; |
#print "Hash: '". $appinfo->{masterhash} . "'\n"; |
| |
|
| if ($appinfo->{masterhash} eq $hash) { |
if ($appinfo->{masterhash} ne $hash) { |
| $appinfo->{key} = $key; |
croak("Incorrect Password!"); |
| } else { |
|
| return; |
|
| } |
} |
| |
|
| return $key; |
$appinfo->{key} = $key; |
| |
return 1; |
| } |
} |
| |
|
| |
|
|
|
| if ($self->{version} == 4) { |
if ($self->{version} == 4) { |
| my $data = _password_update_v4($pass, @_); |
my $data = _password_update_v4($pass, @_); |
| |
|
| if (! $data) { |
if (! $data) { croak "Failed to update password!"; } |
| carp("Failed to update password!"); |
|
| return; |
|
| } |
|
| |
|
| # AFAIK the thing we use to test the password is |
# AFAIK the thing we use to test the password is |
| # always in the first entry |
# always in the first entry |
|
|
| $self->{appinfo}, $pass, $cipher, $iter, $salt |
$self->{appinfo}, $pass, $cipher, $iter, $salt |
| ); |
); |
| |
|
| if (! $hash) { |
if (! $hash) { croak "Failed to update password!"; } |
| carp("Failed to update password!"); |
|
| return; |
|
| } |
|
| |
|
| |
$self->{password} = $pass; |
| |
|
| return 1; |
return 1; |
| } else { |
|
| croak("Unsupported version ($self->{version})"); |
|
| } |
} |
| |
|
| return; |
croak "Unsupported Version $self->{version}"; |
| } |
} |
| |
|
| sub _password_update_v4 |
sub _password_update_v4 |
|
|
| my ($pass) = @_; |
my ($pass) = @_; |
| $pass ||= $self->{password}; |
$pass ||= $self->{password}; |
| |
|
| if ( $pass && ! $self->Password($pass)) { |
$self->_password_verify($pass); |
| croak("Invalid Password!\n"); |
|
| } |
|
| |
|
| foreach my $rec (@{ $self->{records} }) { |
foreach my $rec (@{ $self->{records} }) { |
| $self->Decrypt($rec); |
$self->Decrypt($rec); |
|
|
| |
|
| sub _calc_keys |
sub _calc_keys |
| { |
{ |
| |
require Digest::MD5; |
| |
import Digest::MD5 qw(md5); |
| |
|
| my $pass = shift; |
my $pass = shift; |
| if (! defined $pass) { croak('No password defined!'); }; |
if (! defined $pass) { croak('No password defined!'); }; |
| |
|
|
|
| |
|
| =head2 new |
=head2 new |
| |
|
| $pdb = new Palm::Keyring([$password[, $version]]); |
$pdb = new Palm::Keyring([$password[, $version[, $cipher]]]); |
| |
|
| Create a new PDB, initialized with the various Palm::Keyring fields |
Create a new PDB, initialized with the various Palm::Keyring fields |
| and an empty record list. |
and an empty record list. |
|
|
| =item iterations |
=item iterations |
| |
|
| The number of iterations to encrypt with. Only used by somy crypts in v5 databases. |
The number of iterations to encrypt with. Only used by somy crypts in v5 databases. |
| |
|
| |
=item file |
| |
|
| |
The name of a file to Load(). This will override many of the other options. |
| |
|
| =back |
=back |
| |
|
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to Keyring.pm CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [local] / palm / Palm-Keyring / lib / Palm