2017-04-05 20:56:22 +00:00
|
|
|
//==============================================================================
|
|
|
|
// This file is part of Master Password.
|
|
|
|
// Copyright (c) 2011-2017, Maarten Billemont.
|
2015-01-15 22:43:41 +00:00
|
|
|
//
|
2017-04-05 20:56:22 +00:00
|
|
|
// Master Password is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
2015-01-15 22:43:41 +00:00
|
|
|
//
|
2017-04-05 20:56:22 +00:00
|
|
|
// Master Password is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU General Public License for more details.
|
2015-01-15 22:43:41 +00:00
|
|
|
//
|
2017-04-05 20:56:22 +00:00
|
|
|
// You can find a copy of the GNU General Public License in the
|
|
|
|
// LICENSE file. Alternatively, see <http://www.gnu.org/licenses/>.
|
|
|
|
//==============================================================================
|
2015-01-15 22:43:41 +00:00
|
|
|
|
|
|
|
#include <string.h>
|
|
|
|
#include <errno.h>
|
2017-08-30 13:35:55 +00:00
|
|
|
#include <time.h>
|
2015-01-15 22:43:41 +00:00
|
|
|
|
|
|
|
#include "mpw-util.h"
|
2017-08-05 21:33:45 +00:00
|
|
|
#include "base64.h"
|
2015-01-15 22:43:41 +00:00
|
|
|
|
2017-08-06 15:40:10 +00:00
|
|
|
#define MP_N 32768LU
|
|
|
|
#define MP_r 8U
|
|
|
|
#define MP_p 2U
|
2017-08-30 13:35:55 +00:00
|
|
|
#define MP_otp_window 5 * 60 /* s */
|
2015-01-15 22:43:41 +00:00
|
|
|
|
2017-08-06 15:40:10 +00:00
|
|
|
// Algorithm version helpers.
|
2017-08-27 11:46:34 +00:00
|
|
|
static const char *mpw_templateForType_v0(MPResultType type, uint16_t templateIndex) {
|
2015-01-17 16:17:16 +00:00
|
|
|
|
|
|
|
size_t count = 0;
|
|
|
|
const char **templates = mpw_templatesForType( type, &count );
|
2017-08-27 11:46:34 +00:00
|
|
|
char const *template = templates && count? templates[templateIndex % count]: NULL;
|
2016-11-03 14:31:07 +00:00
|
|
|
free( templates );
|
|
|
|
return template;
|
2015-01-17 16:17:16 +00:00
|
|
|
}
|
|
|
|
|
2017-08-27 11:46:34 +00:00
|
|
|
static const char mpw_characterFromClass_v0(char characterClass, uint16_t classIndex) {
|
2015-01-17 16:17:16 +00:00
|
|
|
|
|
|
|
const char *classCharacters = mpw_charactersInClass( characterClass );
|
2017-08-02 18:26:41 +00:00
|
|
|
if (!classCharacters)
|
|
|
|
return '\0';
|
|
|
|
|
2017-08-27 11:46:34 +00:00
|
|
|
return classCharacters[classIndex % strlen( classCharacters )];
|
2015-01-17 16:17:16 +00:00
|
|
|
}
|
|
|
|
|
2017-08-06 15:40:10 +00:00
|
|
|
// Algorithm version overrides.
|
|
|
|
static MPMasterKey mpw_masterKey_v0(
|
|
|
|
const char *fullName, const char *masterPassword) {
|
2015-01-15 22:43:41 +00:00
|
|
|
|
2017-08-06 15:40:10 +00:00
|
|
|
const char *keyScope = mpw_scopeForPurpose( MPKeyPurposeAuthentication );
|
|
|
|
trc( "keyScope: %s\n", keyScope );
|
2015-01-15 22:43:41 +00:00
|
|
|
|
|
|
|
// Calculate the master key salt.
|
2017-08-06 15:40:10 +00:00
|
|
|
trc( "masterKeySalt: keyScope=%s | #fullName=%s | fullName=%s\n",
|
2017-08-27 13:04:18 +00:00
|
|
|
keyScope, mpw_hex_l( (uint32_t)mpw_utf8_strlen( fullName ) ), fullName );
|
2015-01-15 22:43:41 +00:00
|
|
|
size_t masterKeySaltSize = 0;
|
|
|
|
uint8_t *masterKeySalt = NULL;
|
2017-08-06 15:40:10 +00:00
|
|
|
mpw_push_string( &masterKeySalt, &masterKeySaltSize, keyScope );
|
2017-08-27 13:04:18 +00:00
|
|
|
mpw_push_int( &masterKeySalt, &masterKeySaltSize, (uint32_t)mpw_utf8_strlen( fullName ) );
|
2016-11-03 14:04:18 +00:00
|
|
|
mpw_push_string( &masterKeySalt, &masterKeySaltSize, fullName );
|
2015-01-15 22:43:41 +00:00
|
|
|
if (!masterKeySalt) {
|
2017-08-04 13:36:03 +00:00
|
|
|
err( "Could not allocate master key salt: %s\n", strerror( errno ) );
|
2015-01-15 22:43:41 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
2017-08-06 15:40:10 +00:00
|
|
|
trc( " => masterKeySalt.id: %s\n", mpw_id_buf( masterKeySalt, masterKeySaltSize ) );
|
2015-01-15 22:43:41 +00:00
|
|
|
|
|
|
|
// Calculate the master key.
|
2017-08-06 15:40:10 +00:00
|
|
|
trc( "masterKey: scrypt( masterPassword, masterKeySalt, N=%lu, r=%u, p=%u )\n", MP_N, MP_r, MP_p );
|
2017-08-10 16:30:42 +00:00
|
|
|
MPMasterKey masterKey = mpw_kdf_scrypt( MPMasterKeySize, masterPassword, masterKeySalt, masterKeySaltSize, MP_N, MP_r, MP_p );
|
2017-08-23 04:01:23 +00:00
|
|
|
mpw_free( &masterKeySalt, masterKeySaltSize );
|
2015-01-15 22:43:41 +00:00
|
|
|
if (!masterKey) {
|
2017-08-04 13:36:03 +00:00
|
|
|
err( "Could not allocate master key: %s\n", strerror( errno ) );
|
2015-01-15 22:43:41 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
2017-08-06 15:40:10 +00:00
|
|
|
trc( " => masterKey.id: %s\n", mpw_id_buf( masterKey, MPMasterKeySize ) );
|
2015-01-15 22:43:41 +00:00
|
|
|
|
|
|
|
return masterKey;
|
|
|
|
}
|
|
|
|
|
2017-08-01 12:31:39 +00:00
|
|
|
static MPSiteKey mpw_siteKey_v0(
|
2017-08-08 00:27:08 +00:00
|
|
|
MPMasterKey masterKey, const char *siteName, const MPCounterValue siteCounter,
|
2017-08-01 17:45:54 +00:00
|
|
|
const MPKeyPurpose keyPurpose, const char *keyContext) {
|
2015-01-15 22:43:41 +00:00
|
|
|
|
2017-08-01 17:45:54 +00:00
|
|
|
const char *keyScope = mpw_scopeForPurpose( keyPurpose );
|
2017-08-06 15:40:10 +00:00
|
|
|
trc( "keyScope: %s\n", keyScope );
|
2015-01-15 22:43:41 +00:00
|
|
|
|
2017-08-30 13:35:55 +00:00
|
|
|
// OTP counter value.
|
|
|
|
if (siteCounter == MPCounterValueTOTP)
|
|
|
|
siteCounter = ((uint32_t)time(NULL) / MP_otp_window) * MP_otp_window;
|
2017-08-08 00:27:08 +00:00
|
|
|
|
2015-01-15 22:43:41 +00:00
|
|
|
// Calculate the site seed.
|
2017-08-06 15:40:10 +00:00
|
|
|
trc( "siteSalt: keyScope=%s | #siteName=%s | siteName=%s | siteCounter=%s | #keyContext=%s | keyContext=%s\n",
|
2017-08-27 13:04:18 +00:00
|
|
|
keyScope, mpw_hex_l( (uint32_t)mpw_utf8_strlen( siteName ) ), siteName, mpw_hex_l( siteCounter ),
|
|
|
|
keyContext? mpw_hex_l( (uint32_t)mpw_utf8_strlen( keyContext ) ): NULL, keyContext );
|
2017-08-01 17:45:54 +00:00
|
|
|
size_t siteSaltSize = 0;
|
|
|
|
uint8_t *siteSalt = NULL;
|
|
|
|
mpw_push_string( &siteSalt, &siteSaltSize, keyScope );
|
2017-08-27 13:04:18 +00:00
|
|
|
mpw_push_int( &siteSalt, &siteSaltSize, (uint32_t)mpw_utf8_strlen( siteName ) );
|
2017-08-01 17:45:54 +00:00
|
|
|
mpw_push_string( &siteSalt, &siteSaltSize, siteName );
|
2017-08-27 11:46:34 +00:00
|
|
|
mpw_push_int( &siteSalt, &siteSaltSize, siteCounter );
|
2017-08-01 17:45:54 +00:00
|
|
|
if (keyContext) {
|
2017-08-27 13:04:18 +00:00
|
|
|
mpw_push_int( &siteSalt, &siteSaltSize, (uint32_t)mpw_utf8_strlen( keyContext ) );
|
2017-08-01 17:45:54 +00:00
|
|
|
mpw_push_string( &siteSalt, &siteSaltSize, keyContext );
|
2015-01-15 22:43:41 +00:00
|
|
|
}
|
2017-08-23 04:01:23 +00:00
|
|
|
if (!siteSalt) {
|
2017-08-04 13:36:03 +00:00
|
|
|
err( "Could not allocate site salt: %s\n", strerror( errno ) );
|
2015-01-15 22:43:41 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
2017-08-06 15:40:10 +00:00
|
|
|
trc( " => siteSalt.id: %s\n", mpw_id_buf( siteSalt, siteSaltSize ) );
|
2015-01-15 22:43:41 +00:00
|
|
|
|
2017-08-06 15:40:10 +00:00
|
|
|
trc( "siteKey: hmac-sha256( masterKey.id=%s, siteSalt )\n",
|
|
|
|
mpw_id_buf( masterKey, MPMasterKeySize ) );
|
2017-08-10 16:30:42 +00:00
|
|
|
MPSiteKey siteKey = mpw_hash_hmac_sha256( masterKey, MPMasterKeySize, siteSalt, siteSaltSize );
|
2017-08-23 04:01:23 +00:00
|
|
|
mpw_free( &siteSalt, siteSaltSize );
|
2017-08-01 12:31:39 +00:00
|
|
|
if (!siteKey) {
|
2017-08-10 16:30:42 +00:00
|
|
|
err( "Could not derive site key: %s\n", strerror( errno ) );
|
2015-01-15 22:43:41 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
2017-08-06 15:40:10 +00:00
|
|
|
trc( " => siteKey.id: %s\n", mpw_id_buf( siteKey, MPSiteKeySize ) );
|
2017-08-01 12:31:39 +00:00
|
|
|
|
|
|
|
return siteKey;
|
|
|
|
}
|
|
|
|
|
2017-08-10 16:30:42 +00:00
|
|
|
static const char *mpw_sitePasswordFromTemplate_v0(
|
|
|
|
MPMasterKey masterKey, MPSiteKey siteKey, const MPResultType resultType, const char *resultParam) {
|
2017-08-01 12:31:39 +00:00
|
|
|
|
2015-01-15 22:43:41 +00:00
|
|
|
// Determine the template.
|
2017-08-01 12:31:39 +00:00
|
|
|
const char *_siteKey = (const char *)siteKey;
|
2017-08-27 11:46:34 +00:00
|
|
|
uint16_t seedByte;
|
|
|
|
mpw_uint16( (uint16_t)_siteKey[0], (uint8_t *)&seedByte );
|
|
|
|
const char *template = mpw_templateForType_v0( resultType, seedByte );
|
|
|
|
trc( "template: %u => %s\n", seedByte, template );
|
2017-08-02 18:26:41 +00:00
|
|
|
if (!template)
|
|
|
|
return NULL;
|
2017-08-01 17:45:54 +00:00
|
|
|
if (strlen( template ) > MPSiteKeySize) {
|
2017-08-06 23:09:13 +00:00
|
|
|
err( "Template too long for password seed: %zu\n", strlen( template ) );
|
2015-01-15 22:43:41 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Encode the password from the seed using the template.
|
2017-08-27 11:46:34 +00:00
|
|
|
char *const sitePassword = calloc( strlen( template ) + 1, sizeof( char ) );
|
2015-01-15 22:43:41 +00:00
|
|
|
for (size_t c = 0; c < strlen( template ); ++c) {
|
2017-08-27 11:46:34 +00:00
|
|
|
mpw_uint16( (uint16_t)_siteKey[c + 1], (uint8_t *)&seedByte );
|
|
|
|
sitePassword[c] = mpw_characterFromClass_v0( template[c], seedByte );
|
2017-08-06 15:40:10 +00:00
|
|
|
trc( " - class: %c, index: %5u (0x%02hX) => character: %c\n",
|
2017-08-27 11:46:34 +00:00
|
|
|
template[c], seedByte, seedByte, sitePassword[c] );
|
2015-01-15 22:43:41 +00:00
|
|
|
}
|
2017-08-06 15:40:10 +00:00
|
|
|
trc( " => password: %s\n", sitePassword );
|
2015-01-15 22:43:41 +00:00
|
|
|
|
|
|
|
return sitePassword;
|
|
|
|
}
|
2017-08-04 14:43:46 +00:00
|
|
|
|
2017-08-10 16:30:42 +00:00
|
|
|
static const char *mpw_sitePasswordFromCrypt_v0(
|
|
|
|
MPMasterKey masterKey, MPSiteKey siteKey, const MPResultType resultType, const char *cipherText) {
|
2017-08-04 14:43:46 +00:00
|
|
|
|
2017-08-10 16:30:42 +00:00
|
|
|
if (!cipherText) {
|
|
|
|
err( "Missing encrypted state.\n" );
|
2017-08-06 01:52:00 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
2017-08-04 14:43:46 +00:00
|
|
|
|
2017-08-05 21:33:45 +00:00
|
|
|
// Base64-decode
|
2017-08-06 22:56:37 +00:00
|
|
|
uint8_t *cipherBuf = calloc( 1, mpw_base64_decode_max( cipherText ) );
|
|
|
|
size_t bufSize = (size_t)mpw_base64_decode( cipherBuf, cipherText );
|
|
|
|
if ((int)bufSize < 0) {
|
2017-08-06 01:52:00 +00:00
|
|
|
err( "Base64 decoding error." );
|
2017-08-23 04:01:23 +00:00
|
|
|
mpw_free( &cipherBuf, mpw_base64_decode_max( cipherText ) );
|
2017-08-06 01:52:00 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
2017-08-06 22:56:37 +00:00
|
|
|
trc( "b64 decoded: %zu bytes = %s\n", bufSize, mpw_hex( cipherBuf, bufSize ) );
|
2017-08-05 21:33:45 +00:00
|
|
|
|
|
|
|
// Decrypt
|
2017-08-06 03:42:47 +00:00
|
|
|
const uint8_t *plainBytes = mpw_aes_decrypt( masterKey, MPMasterKeySize, cipherBuf, bufSize );
|
2017-08-23 04:01:23 +00:00
|
|
|
mpw_free( &cipherBuf, bufSize );
|
2017-08-06 03:42:47 +00:00
|
|
|
const char *plainText = strndup( (char *)plainBytes, bufSize );
|
2017-08-23 04:01:23 +00:00
|
|
|
mpw_free( &plainBytes, bufSize );
|
2017-08-06 01:52:00 +00:00
|
|
|
if (!plainText)
|
|
|
|
err( "AES decryption error: %s\n", strerror( errno ) );
|
2017-08-06 03:42:47 +00:00
|
|
|
trc( "decrypted -> plainText: %s = %s\n", plainText, mpw_hex( plainText, sizeof( plainText ) ) );
|
2017-08-05 21:33:45 +00:00
|
|
|
|
|
|
|
return plainText;
|
2017-08-04 14:43:46 +00:00
|
|
|
}
|
2017-08-10 16:30:42 +00:00
|
|
|
|
|
|
|
static const char *mpw_sitePasswordFromDerive_v0(
|
|
|
|
MPMasterKey masterKey, MPSiteKey siteKey, const MPResultType resultType, const char *resultParam) {
|
|
|
|
|
|
|
|
switch (resultType) {
|
|
|
|
case MPResultTypeDeriveKey: {
|
|
|
|
if (!resultParam) {
|
|
|
|
err( "Missing key size parameter.\n" );
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
int resultParamInt = atoi( resultParam );
|
2017-08-10 16:45:25 +00:00
|
|
|
if (resultParamInt < 128 || resultParamInt > 512 || resultParamInt % 8 != 0) {
|
|
|
|
err( "Parameter is not a valid key size (should be 128 - 512): %s\n", resultParam );
|
2017-08-10 16:30:42 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
uint16_t keySize = (uint16_t)(resultParamInt / 8);
|
|
|
|
trc( "keySize: %u\n", keySize );
|
|
|
|
|
|
|
|
// Derive key
|
|
|
|
const uint8_t *resultKey = mpw_kdf_blake2b( keySize, siteKey, MPSiteKeySize, NULL, 0, 0, NULL );
|
|
|
|
if (!resultKey) {
|
|
|
|
err( "Could not derive result key: %s\n", strerror( errno ) );
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Base64-encode
|
|
|
|
size_t b64Max = mpw_base64_encode_max( keySize );
|
2017-08-23 04:01:23 +00:00
|
|
|
char *b64Key = calloc( 1, b64Max + 1 );
|
|
|
|
if (mpw_base64_encode( b64Key, resultKey, keySize ) < 0) {
|
2017-08-10 16:30:42 +00:00
|
|
|
err( "Base64 encoding error." );
|
2017-08-23 04:01:23 +00:00
|
|
|
mpw_free_string( &b64Key );
|
2017-08-10 16:30:42 +00:00
|
|
|
}
|
2017-08-23 04:01:23 +00:00
|
|
|
else
|
|
|
|
trc( "b64 encoded -> key.id: %s\n", mpw_id_buf( b64Key, strlen( b64Key ) ) );
|
|
|
|
mpw_free( &resultKey, keySize );
|
2017-08-10 16:30:42 +00:00
|
|
|
|
2017-08-23 04:01:23 +00:00
|
|
|
return b64Key;
|
2017-08-10 16:30:42 +00:00
|
|
|
}
|
|
|
|
default:
|
|
|
|
err( "Unsupported derived password type: %d\n", resultType );
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static const char *mpw_siteState_v0(
|
|
|
|
MPMasterKey masterKey, MPSiteKey siteKey, const MPResultType resultType, const char *plainText) {
|
|
|
|
|
|
|
|
// Encrypt
|
|
|
|
size_t bufSize = strlen( plainText );
|
|
|
|
const uint8_t *cipherBuf = mpw_aes_encrypt( masterKey, MPMasterKeySize, (const uint8_t *)plainText, bufSize );
|
|
|
|
if (!cipherBuf) {
|
|
|
|
err( "AES encryption error: %s\n", strerror( errno ) );
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
trc( "cipherBuf: %zu bytes = %s\n", bufSize, mpw_hex( cipherBuf, bufSize ) );
|
|
|
|
|
|
|
|
// Base64-encode
|
|
|
|
size_t b64Max = mpw_base64_encode_max( bufSize );
|
|
|
|
char *cipherText = calloc( 1, b64Max + 1 );
|
|
|
|
if (mpw_base64_encode( cipherText, cipherBuf, bufSize ) < 0) {
|
|
|
|
err( "Base64 encoding error." );
|
2017-08-23 04:01:23 +00:00
|
|
|
mpw_free_string( &cipherText );
|
2017-08-10 16:30:42 +00:00
|
|
|
}
|
2017-08-23 04:01:23 +00:00
|
|
|
else
|
|
|
|
trc( "b64 encoded -> cipherText: %s = %s\n", cipherText, mpw_hex( cipherText, sizeof( cipherText ) ) );
|
|
|
|
mpw_free( &cipherBuf, bufSize );
|
2017-08-10 16:30:42 +00:00
|
|
|
|
|
|
|
return cipherText;
|
|
|
|
}
|