=================================================================== RCS file: /cvs/palm/Palm-Keyring/lib/Palm/Keyring.pm,v retrieving revision 1.37 retrieving revision 1.40 diff -u -r1.37 -r1.40 --- palm/Palm-Keyring/lib/Palm/Keyring.pm 2007/02/23 02:34:01 1.37 +++ palm/Palm-Keyring/lib/Palm/Keyring.pm 2007/02/23 03:32:46 1.40 @@ -1,5 +1,5 @@ package Palm::Keyring; -# $RedRiver: Keyring.pm,v 1.36 2007/02/22 05:16:04 andrew Exp $ +# $RedRiver: Keyring.pm,v 1.39 2007/02/23 03:24:09 andrew Exp $ ######################################################################## # Keyring.pm *** Perl class for Keyring for Palm OS databases. # @@ -107,11 +107,11 @@ # Set defaults if ($self->{version} == 5) { $self->{options}->{cipher} ||= 0; # 'None' - $self->{options}->{iterations} ||= - $CRYPTS[ $self->{options}->{cipher} ]{default_iter}; - - $self->{appinfo}->{cipher} ||= $self->{options}->{cipher}; - $self->{appinfo}->{iter} ||= $self->{options}->{iterations}; + my $c = crypts($self->{options}->{cipher}) + or croak('Unknown cipher ' . $self->{options}->{cipher}); + $self->{options}->{iterations} ||= $c->{default_iter}; + $self->{appinfo}->{cipher} ||= $self->{options}->{cipher}; + $self->{appinfo}->{iter} ||= $self->{options}->{iterations}; }; if ( defined $options->{password} ) { @@ -132,7 +132,9 @@ sub crypts { my $crypt = shift; - if ($crypt =~ /\D/) { + if (! defined $crypt || ! length $crypt) { + return; + } elsif ($crypt =~ /\D/) { foreach my $c (@CRYPTS) { if ($c->{alias} eq $crypt) { return $c; @@ -166,7 +168,9 @@ delete $rec->{data}; } elsif ($self->{version} == 5) { - my $blocksize = $CRYPTS[ $self->{appinfo}->{cipher} ]{blocksize}; + my $c = crypts( $self->{appinfo}->{cipher} ) + or croak('Unknown cipher ' . $self->{appinfo}->{cipher}); + my $blocksize = $c->{blocksize}; my ($field, $extra) = _parse_field($rec->{data}); delete $rec->{data}; @@ -488,12 +492,10 @@ my $key = shift; my $cipher = shift; my $ivec = shift; - my $blocksize = $CRYPTS[ $cipher ]{blocksize}; - my $keylen = $CRYPTS[ $cipher ]{keylen}; - my $cipher_name = $CRYPTS[ $cipher ]{name}; + my $c = crypts($cipher) or croak('Unknown cipher ' . $cipher); if (! defined $ivec) { - $ivec = pack("C*",map {rand(256)} 1..$blocksize); + $ivec = pack("C*",map {rand(256)} 1..$c->{blocksize}); } my $changed = 0; @@ -558,19 +560,19 @@ $decrypted .= _pack_field($field); } my $encrypted; - if ($cipher_name eq 'None') { + if ($c->{name} eq 'None') { # do nothing $encrypted = $decrypted; - } elsif ($cipher_name eq 'DES_EDE3' or $cipher_name eq 'Rijndael') { + } elsif ($c->{name} eq 'DES_EDE3' or $c->{name} eq 'Rijndael') { require Crypt::CBC; - my $c = Crypt::CBC->new( + my $cbc = Crypt::CBC->new( -key => $key, -literal_key => 1, -iv => $ivec, - -cipher => $cipher_name, - -keysize => $keylen, - -blocksize => $blocksize, + -cipher => $c->{name}, + -keysize => $c->{keylen}, + -blocksize => $c->{blocksize}, -header => 'none', -padding => 'oneandzeroes', ); @@ -579,7 +581,7 @@ croak("Unable to set up encryption!"); } - $encrypted = $c->encrypt($decrypted); + $encrypted = $cbc->encrypt($decrypted); } else { die "Unsupported Version"; @@ -670,25 +672,23 @@ my $cipher = shift; my $ivec = shift; - my $keylen = $CRYPTS[ $cipher ]{keylen}; - my $cipher_name = $CRYPTS[ $cipher ]{name}; - my $blocksize = $CRYPTS[ $cipher ]{blocksize}; + my $c = crypts($cipher) or croak('Unknown cipher ' . $cipher); my $decrypted; - if ($cipher_name eq 'None') { + if ($c->{name} eq 'None') { # do nothing $decrypted = $encrypted; - } elsif ($cipher_name eq 'DES_EDE3' or $cipher_name eq 'Rijndael') { + } elsif ($c->{name} eq 'DES_EDE3' or $c->{name} eq 'Rijndael') { require Crypt::CBC; - my $c = Crypt::CBC->new( + my $cbc = Crypt::CBC->new( -key => $key, -literal_key => 1, -iv => $ivec, - -cipher => $cipher_name, - -keysize => $keylen, - -blocksize => $blocksize, + -cipher => $c->{name}, + -keysize => $c->{keylen}, + -blocksize => $c->{blocksize}, -header => 'none', -padding => 'oneandzeroes', ); @@ -696,9 +696,9 @@ if (! $c) { croak("Unable to set up encryption!"); } - my $len = $blocksize - length($encrypted) % $blocksize; + my $len = $c->{blocksize} - length($encrypted) % $c->{blocksize}; $encrypted .= $NULL x $len; - $decrypted = $c->decrypt($encrypted); + $decrypted = $cbc->decrypt($encrypted); } else { die "Unsupported Version"; @@ -840,10 +840,12 @@ my $salt = pack("H*", $appinfo->{salt}); + my $c = crypts($appinfo->{cipher}) + or croak('Unknown cipher ' . $appinfo->{cipher}); my ($key, $hash) = _calc_key_v5( $pass, $salt, $appinfo->{iter}, - $CRYPTS[ $appinfo->{cipher} ]{keylen}, - $CRYPTS[ $appinfo->{cipher} ]{DES_odd_parity}, + $c->{keylen}, + $c->{DES_odd_parity}, ); #print "Iter: '" . $appinfo->{iter} . "'\n"; @@ -946,18 +948,18 @@ my $length = 8; my $salt = shift || pack("C*",map {rand(256)} 1..$length); + my $c = crypts($cipher) or croak('Unknown cipher ' . $cipher); my ($key, $hash) = _calc_key_v5( $pass, $salt, $iter, - $CRYPTS[ $cipher ]->{keylen}, - $CRYPTS[ $cipher ]->{DES_odd_parity}, + $c->{keylen}, + $c->{DES_odd_parity}, ); $appinfo->{salt} = unpack "H*", $salt; $appinfo->{iter} = $iter; $appinfo->{cipher} = $cipher; - - $appinfo->{key} = $key; $appinfo->{masterhash} = $hash; + $appinfo->{key} = $key; return $key; } @@ -1128,7 +1130,7 @@ $packed .= $NULL; } } else { - my $packstr = "n1 c1 c1 x1"; + my $packstr = "n1 C1 C1 x1"; $packed = pack $packstr, 0, 0, 0; } @@ -1283,7 +1285,7 @@ It currently supports the v4 Keyring databases as well as the pre-release v5 databases. I am not completely happy with the interface -for accessing the v5 database, so any suggestions on improvements on +for accessing v5 databases, so any suggestions on improvements on the interface are appreciated. This module doesn't store the decrypted content. It only keeps it until it @@ -1309,7 +1311,7 @@ print ' - ', $acct->{account}; } else { foreach my $a (@{ $acct }) { - if ($a->{type} eq 'account') { + if ($a->{label} eq 'account') { print ' - ', $a->{data}; last; } @@ -1338,8 +1340,10 @@ $pdb = new Palm::Keyring({ key1 => value1, key2 => value2 }); $pdb = new Palm::Keyring( -key1 => value1, -key2 => value2); -Supported options +=over +=item Supported options + =over =item password @@ -1357,7 +1361,7 @@ =item cipher -The cipher to use. 0, 1, 2 or 3. +The cipher to use. Either the number or the name. 0 => None 1 => DES_EDE3 @@ -1374,7 +1378,10 @@ =back +=back + For v5 databases there are some additional appinfo fields set. +These are set either on new() or Load(). $pdb->{appinfo} = { # normal appinfo stuff described in L @@ -1386,8 +1393,12 @@ Pass in the alias of the crypt to use, or the index. +These only make sense for v5 databases. + This is a function, not a method. +$cipher can be 0, 1, 2, 3, None, DES_EDE3, AES128 or AES256. + my $c = Palm::Keyring::crypt($cipher); $c is now: @@ -1474,7 +1485,7 @@ Decrypts the record and returns a reference for the account as described under Encrypt(). - foreach (0..$#{ $pdb->{records}) { + foreach (0..$#{ $pdb->{records} }) { next if $_ == 0 && $pdb->{version} == 4; my $rec = $pdb->{records}->[$_]; my $acct = $pdb->Decrypt($rec);