=================================================================== RCS file: /cvs/palm/Palm-Keyring/lib/Palm/Keyring.pm,v retrieving revision 1.14 retrieving revision 1.17 diff -u -r1.14 -r1.17 --- palm/Palm-Keyring/lib/Palm/Keyring.pm 2007/01/28 22:24:17 1.14 +++ palm/Palm-Keyring/lib/Palm/Keyring.pm 2007/01/30 05:16:16 1.17 @@ -1,6 +1,6 @@ package Palm::Keyring; -# $RedRiver: Keyring.pm,v 1.13 2007/01/28 18:13:28 andrew Exp $ +# $RedRiver: Keyring.pm,v 1.16 2007/01/30 04:59:55 andrew Exp $ # # Perl class for dealing with Keyring for Palm OS databases. # @@ -25,10 +25,8 @@ Readonly my $NULL => chr 0; # One liner, to allow MakeMaker to work. -our ($VERSION) = q$Revision: 1.14 $ =~ m{ Revision: \s+ (\S+) }xm; +our $VERSION = 0.91; -#@ISA = qw( Palm::StdAppInfo Palm::Raw ); - sub new { my $classname = shift; my $pass = shift; @@ -54,11 +52,8 @@ # Set the version $self->{'version'} = 4; - # Give the PDB the first record that will hold the encrypted password - $self->{'records'} = [ $self->new_Record ]; - if ( defined $pass ) { - $self->Encrypt($pass); + $self->Password($pass); } return $self; @@ -69,143 +64,154 @@ return 1; } -sub Load { +sub ParseRecord { my $self = shift; - my $filename = shift; - my $password = shift; - $self->{'appinfo'} = {}; - $self->{'records'} = []; - $self->SUPER::Load($filename); + my $rec = $self->SUPER::ParseRecord(@_); - foreach my $rec ( @{ $self->{'records'} } ) { - if ( ! exists $rec->{'data'}) { next; }; - my ( $name, $encrypted ) = split /$NULL/xm, $rec->{'data'}, 2; - if ( ! $encrypted ) { next }; - $rec->{'plaintext'}->{'name'} = $name; - $rec->{'encrypted'} = $encrypted; - } + # skip the 0 record that holds the password + return $rec if ! exists $self->{'records'}; - return $self->Decrypt($password) if defined $password; + # skip records with no data (There shouldn't be any) + return $rec if ! exists $rec->{'data'}; - return 1; + my ( $name, $encrypted ) = split /$NULL/xm, $rec->{'data'}, 2; + + return $rec if ! $encrypted; + $rec->{'data'} = $name; + $rec->{'encrypted'} = $encrypted; + + return $rec; } -sub Write { - my $self = shift; - my $filename = shift; - my $password = shift; +sub PackRecord { + my $self = shift; + my $rec = shift; - $self->Encrypt($password) || return; - return $self->SUPER::Write($filename); + my $rec0_id = $self->{'records'}->[0]->{'id'}; + + if ($rec->{'encrypted'} && ! $rec->{'id'} == $rec0_id) { + $rec->{'data'} = join $NULL, $rec->{'data'}, $rec->{'encrypted'}; + delete $rec->{'encrypted'}; + } + + return $self->SUPER::PackRecord($rec, @_); } sub Encrypt { my $self = shift; - my $pass = shift; + my $rec = shift; + my $data = shift; + my $pass = shift || $self->{'password'}; - if ($pass) { - if ( - !( exists $self->{'records'}->[0]->{'data'} - && $self->_keyring_verify($pass) ) - ) - { + if ( ! $pass) { + croak("'password' not set!\n"); + } - # This would encrypt with a new password. - # First decrypting everything with the old password of course. - $self->_keyring_update($pass) || return; - $self->_keyring_verify($pass) || return; - } + if ( ! $rec) { + croak("Needed parameter 'record' not passed!\n"); } - $self->{'digest'} ||= _calc_keys( $self->{'password'} ); + if ( ! $data) { + croak("Needed parameter 'data' not passed!\n"); + } - foreach my $rec ( @{ $self->{'records'} } ) { - if (!defined $rec->{'plaintext'}) { next; }; + if ( ! $self->Password($pass)) { + croak("Incorrect Password!\n"); + } - my $name = - defined $rec->{'plaintext'}->{'name'} - ? $rec->{'plaintext'}->{'name'} - : $EMPTY; - my $account = - defined $rec->{'plaintext'}->{'account'} - ? $rec->{'plaintext'}->{'account'} - : $EMPTY; - my $password = - defined $rec->{'plaintext'}->{'password'} - ? $rec->{'plaintext'}->{'password'} - : $EMPTY; - my $description = - defined $rec->{'plaintext'}->{'description'} - ? $rec->{'plaintext'}->{'description'} - : $EMPTY; - my $extra = $EMPTY; + $self->{'digest'} ||= _calc_keys( $pass ); - my $plaintext = join "$NULL", $account, $password, $description, $extra; + $data->{'account'} ||= $EMPTY; + $data->{'password'} ||= $EMPTY; + $data->{'notes'} ||= $EMPTY; - my $encrypted = _crypt3des( $plaintext, $self->{'digest'}, $ENCRYPT ); + my $plaintext = join $NULL, + $data->{'account'}, $data->{'password'}, $data->{'notes'}; - $rec->{'data'} = join "$NULL", $name, $encrypted; - } + my $encrypted = _crypt3des( $plaintext, $self->{'digest'}, $ENCRYPT ); + return if ! $encrypted; + + $rec->{'data'} ||= $data->{'name'}; + $rec->{'encrypted'} = $encrypted; return 1; } sub Decrypt { my $self = shift; - my $pass = shift; + my $rec = shift; + my $pass = shift || $self->{'password'}; - if ($pass) { - $self->_keyring_verify($pass) || return; + if ( ! $pass) { + croak("'password' not set!\n"); } - $self->{'digest'} ||= _calc_keys( $self->{'password'} ); + if ( ! $rec) { + carp("Needed parameter 'record' not passed!\n"); + return; + } - my $reccount = 0; - foreach my $rec ( @{ $self->{'records'} } ) { - $reccount++; + if ( ! $self->Password($pass)) { + croak("Invalid Password!\n"); + } - # always skip the first record that has the password in it. - next if $reccount <= 1; - if ( ! defined $rec->{'data'} ) { - warn 'Invalid record ' . ( $reccount - 1 ) . "\n"; - next; - } + if ( ! $rec->{'encrypted'} ) { + croak("No encrypted content!"); + } - my ( $name, $encrypted ) = split /$NULL/xm, $rec->{'data'}, 2; - if (! $encrypted) { next; }; + $self->{'digest'} ||= _calc_keys( $pass ); - $rec->{'plaintext'}->{'name'} = $name; - - my $decrypted = _crypt3des( $encrypted, $self->{'digest'}, $DECRYPT ); - my ( $account, $password, $description, $extra ) = split /$NULL/xm, + my $decrypted = + _crypt3des( $rec->{'encrypted'}, $self->{'digest'}, $DECRYPT ); + my ( $account, $password, $notes, $extra ) = split /$NULL/xm, $decrypted, 4; - $rec->{'plaintext'}->{'account'} = defined $account ? $account : $EMPTY; - $rec->{'plaintext'}->{'password'} = - defined $password ? $password : $EMPTY; - $rec->{'plaintext'}->{'description'} = - defined $description ? $description : $EMPTY; + return { + account => $account, + password => $password, + notes => $notes, + }; +} - #print "Name: '$name'\n"; - #print "Encrypted: '$encrypted' - Length: " . length($encrypted) . "\n"; - #print " Hex: '" . unpack("H*", $encrypted) . "'\n"; - #print " Binary:'" . unpack("b*", $encrypted) . "'\n"; - #print "Decrypted: '$decrypted' - Length: " . length($decrypted) . "\n"; - #print " Hex: '" . unpack("H*", $decrypted) . "'\n"; - #print " Binary:'" . unpack("b*", $decrypted) . "'\n"; - #print "\n"; - #print "Extra: $extra\n"; - #exit; - #-------------------------------------------------- - # print "Account: $account\n"; - # print "Password: $password\n"; - # print "Description: $description\n"; - #-------------------------------------------------- +sub Password { + my $self = shift; + my $pass = shift || $self->{'password'}; + my $new_pass = shift; + if (! exists $self->{'records'}) { + # Give the PDB the first record that will hold the encrypted password + $self->{'records'} = [ $self->new_Record ]; + + return $self->_password_update($pass); } - return 1; + if ($new_pass) { + my @accts = (); + foreach my $i (0..$#{ $self->{'records'} }) { + if ($i == 0) { + push @accts, undef; + next; + } + my $acct = $self->Decrypt($self->{'records'}->[$i], $pass); + if ( ! $acct ) { + croak("Couldn't decrypt $self->{'records'}->[$i]->{'data'}"); + } + push @accts, $acct; + } + + if ( ! $self->_password_update($new_pass)) { + croak("Couldn't set new password!"); + } + $pass = $new_pass; + + foreach my $i (0..$#accts) { + next if $i == 0; + $self->Encrypt($self->{'records'}->[$i], $accts[$i], $pass); + } + } + + return $self->_password_verify($pass); } sub _calc_keys { @@ -231,18 +237,23 @@ return $digest; } -sub _keyring_verify { +sub _password_verify { my $self = shift; my $pass = shift; if (! $pass) { croak('No password specified!'); }; + if (defined $self->{'password'} && $pass eq $self->{'password'}) { + # already verified this password + return 1; + } + # AFAIK the thing we use to test the password is # always in the first entry my $data = $self->{'records'}->[0]->{'data'}; #die "No encrypted password in file!" unless defined $data; - if (! defined $data) { return; }; + if ( ! defined $data) { return; }; $data =~ s/$NULL$//xm; @@ -266,7 +277,7 @@ return; } -sub _keyring_update { +sub _password_update { # It is very important to Encrypt after calling this # (Although it is generally only called by Encrypt) @@ -275,15 +286,8 @@ my $self = shift; my $pass = shift; - if (! $pass) { croak('No password specified!'); }; + if (! defined $pass) { croak('No password specified!'); }; - # if the database already has a password in it - if ( $self->{'records'}->[0]->{'data'} ) { - - # Make sure everything is decrypted before we update the keyring - $self->Decrypt() || return; - } - my $salt; for ( 1 .. $kSalt_Size ) { $salt .= chr int rand 255; @@ -329,7 +333,7 @@ #print "PT: '$pt' - Length: " . length($pt) . "\n"; if (! length $pt) { next; }; if ( (length $pt) < 8 ) { - if ($flag == $DECRYPT) { croak('record not 8 byte padded'); }; + if ($flag == $DECRYPT) { croak('record not 8 byte padded'); }; my $len = 8 - (length $pt); #print "LENGTH: $len\n"; @@ -377,81 +381,84 @@ It has the standard Palm::PDB methods with 2 additional public methods. Decrypt and Encrypt. -It currently supports the v4 Keyring databases. The v5 databases from the pre-release keyring-2.0 are not supported. +It currently supports the v4 Keyring databases. The v5 databases from +the pre-release keyring-2.0 are not supported. +This module doesn't store the decrypted content. It only keeps it until it +returns it to you or encrypts it. + =head1 SYNOPSIS - use Palm::PDB; - use Palm::Keyring; - my $pdb = new Palm::PDB; - $pdb->Load($file); - foreach my $rec (@{ $pdb->{'records'} }) { - print "$rec->{'plaintext'}->{'name'}\n"; - } - $pdb->Decrypt($password); - # do something with the decrypted parts + use Palm::PDB; + use Palm::Keyring; + + my $pass = 'password'; + my $pdb = new Palm::PDB; + $pdb->Load($file); + + foreach (0..$#{ $pdb->{'records'} }) { + next if $_ = 0; # skip the password record + my $rec = $pdb->{'records'}->[$_]; + my $acct = $pdb->Decrypt($rec, $pass); + print $rec->{'data'}, ' - ', $acct->{'account'}, "\n"; + } =head1 SUBROUTINES/METHODS =head2 new - $pdb = new Palm::Keyring([$password]); + $pdb = new Palm::Keyring([$password]); Create a new PDB, initialized with the various Palm::Keyring fields and an empty record list. Use this method if you're creating a Keyring PDB from scratch otherwise you -can just use Palm::PDB::new(). +can just use Palm::PDB::new() before calling Load(). -=head2 Load +=head2 Encrypt - $pdb->Load($filename[, $password]); + $pdb->Encrypt($rec, $acct, [$password]); -Overrides the standard Palm::Raw Load() to add -$rec->{'plaintext'}->{'name'} and -$rec->{'encrypted'} fields. -$rec->{'plaintext'}->{'name'} holds the name of the record, -$rec->{'encrypted'} is the encrypted information in the PDB. +Encrypts an account into a record, either with the password previously +used, or with a password that is passed. -It also takes an additional optional parameter, which is the password to use to -decrypt the database. +$rec is a record from $pdb->{'records'} or a newly generated record. +$acct is a hashref in the format below. -See Decrypt() for the additional fields that are available after decryption. + my $acct = { + account => $account, + password => $password, + notes => $notes, + }; -=head2 Write +=head2 Decrypt - $pdb->Write($filename[, $password]); + my $acct = $pdb->Decrypt($rec[, $password]); -Just like the Palm::Raw::Write() but encrypts everything before saving. +Decrypts the record and returns a hashref for the account as described +under Encrypt(); -Also takes an optional password to encrypt with a new password, not needed -unless you are changing the password. + foreach (0..$#{ $pdb->{'records'}) { + next if $_ == 0; + my $rec = $pdb->{'records'}->[$_]; + my $acct = $pdb->Decrypt($rec[, $password]); + # do something with $acct + } -=head2 Encrypt +=head2 Password - $pdb->Encrypt([$password]); + $pdb->Password([$password[, $new_password]]); -Encrypts the PDB, either with the password used to decrypt or create it, or -optionally with a password that is passed. +Either sets the password to be used to crypt, or if you pass $new_password, +changes the password on the database. -See Decrypt() for an what plaintext fields are available to be encrypted. +If you have created a new $pdb, and you didn't set a password when you +called new(), you only need to pass one password and it will set that as +the password. -=head2 Decrypt +If nothing is passed, and there has been a password used before, +it just verifies that the password was correct. - $pdb->Decrypt([$password]); - -Decrypts the PDB and fills out the rest of the fields available in -$rec->{'plaintext'}. - -The plaintext should now be this, before encryption or after decryption: - - $rec->{'plaintext'} = { - name => $name, - account => $account, - password => $account_password, - description => $description, - }; - =head1 DEPENDENCIES Palm::StdAppInfo @@ -476,13 +483,10 @@ =head1 LICENSE AND COPYRIGHT -You may distribute this file under the terms of perl itself -as specified in the LICENSE file. - Copyright 2004, 2005, 2006, 2007 Andrew Fresh, All Rights Reserved. -This program is free software; you can redistribute it and/or modify it -under the same terms as Perl itself. +This program is free software; you can redistribute it and/or +modify it under the same terms as Perl itself. =head1 SEE ALSO