From 3c5cb1673a0f49594d9c7b82c9f8ebc399fc5150 Mon Sep 17 00:00:00 2001 From: Maarten Billemont Date: Tue, 1 Aug 2017 08:31:39 -0400 Subject: [PATCH] Split the API into the three distinct phases of the mpw algorithm. --- core/c/mpw-algorithm.c | 39 ++++++++++++++++------ core/c/mpw-algorithm.h | 17 ++++++---- core/c/mpw-algorithm_v0.c | 33 +++++++++++------- core/c/mpw-algorithm_v1.c | 33 ++++++++++-------- core/c/mpw-algorithm_v2.c | 33 ++++++++++-------- core/c/mpw-algorithm_v3.c | 35 +++++++++++-------- core/c/mpw-marshall-util.c | 2 +- core/c/mpw-marshall.c | 19 +++++++---- core/c/mpw-types.h | 4 ++- core/c/mpw-util.c | 5 ++- core/c/mpw-util.h | 2 +- platform-darwin/Source/MPAlgorithmV0.m | 2 +- platform-independent/cli-c/cli/mpw-bench.c | 13 +++++--- platform-independent/cli-c/cli/mpw-cli.c | 7 ++-- platform-independent/cli-c/cli/mpw-tests.c | 11 +++--- 15 files changed, 163 insertions(+), 92 deletions(-) diff --git a/core/c/mpw-algorithm.c b/core/c/mpw-algorithm.c index f09b1f55..9d428058 100644 --- a/core/c/mpw-algorithm.c +++ b/core/c/mpw-algorithm.c @@ -22,12 +22,7 @@ #include "mpw-algorithm_v2.c" #include "mpw-algorithm_v3.c" -#define MP_N 32768 -#define MP_r 8 -#define MP_p 2 -#define MP_hash PearlHashSHA256 - -MPMasterKey mpw_masterKeyForUser(const char *fullName, const char *masterPassword, const MPAlgorithmVersion algorithmVersion) { +MPMasterKey mpw_masterKey(const char *fullName, const char *masterPassword, const MPAlgorithmVersion algorithmVersion) { if (!fullName || !masterPassword) return NULL; @@ -47,7 +42,8 @@ MPMasterKey mpw_masterKeyForUser(const char *fullName, const char *masterPasswor } } -const char *mpw_passwordForSite(MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter, +MPSiteKey mpw_siteKey( + MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter, const MPSiteVariant siteVariant, const char *siteContext, const MPAlgorithmVersion algorithmVersion) { if (!masterKey || !siteName) @@ -55,13 +51,34 @@ const char *mpw_passwordForSite(MPMasterKey masterKey, const char *siteName, con switch (algorithmVersion) { case MPAlgorithmVersion0: - return mpw_passwordForSite_v0( masterKey, siteName, siteType, siteCounter, siteVariant, siteContext ); + return mpw_siteKey_v0( masterKey, siteName, siteCounter, siteVariant, siteContext ); case MPAlgorithmVersion1: - return mpw_passwordForSite_v1( masterKey, siteName, siteType, siteCounter, siteVariant, siteContext ); + return mpw_siteKey_v1( masterKey, siteName, siteCounter, siteVariant, siteContext ); case MPAlgorithmVersion2: - return mpw_passwordForSite_v2( masterKey, siteName, siteType, siteCounter, siteVariant, siteContext ); + return mpw_siteKey_v2( masterKey, siteName, siteCounter, siteVariant, siteContext ); case MPAlgorithmVersion3: - return mpw_passwordForSite_v3( masterKey, siteName, siteType, siteCounter, siteVariant, siteContext ); + return mpw_siteKey_v3( masterKey, siteName, siteCounter, siteVariant, siteContext ); + default: + ftl( "Unsupported version: %d", algorithmVersion ); + return NULL; + } +} + +const char *mpw_sitePassword( + MPSiteKey siteKey, const MPSiteType siteType, const MPAlgorithmVersion algorithmVersion) { + + if (!siteKey) + return NULL; + + switch (algorithmVersion) { + case MPAlgorithmVersion0: + return mpw_sitePassword_v0( siteKey, siteType ); + case MPAlgorithmVersion1: + return mpw_sitePassword_v1( siteKey, siteType ); + case MPAlgorithmVersion2: + return mpw_sitePassword_v2( siteKey, siteType ); + case MPAlgorithmVersion3: + return mpw_sitePassword_v3( siteKey, siteType ); default: ftl( "Unsupported version: %d", algorithmVersion ); return NULL; diff --git a/core/c/mpw-algorithm.h b/core/c/mpw-algorithm.h index 54ff197c..59bc7b4e 100644 --- a/core/c/mpw-algorithm.h +++ b/core/c/mpw-algorithm.h @@ -38,14 +38,19 @@ typedef enum( unsigned int, MPAlgorithmVersion ) { }; /** Derive the master key for a user based on their name and master password. - * @return A new MP_dkLen-byte allocated buffer or NULL if an allocation error occurred. */ -MPMasterKey mpw_masterKeyForUser( + * @return A new MPMasterKeySize-byte allocated buffer or NULL if an error occurred. */ +MPMasterKey mpw_masterKey( const char *fullName, const char *masterPassword, const MPAlgorithmVersion algorithmVersion); -/** Encode a password for the site from the given master key and site parameters. - * @return A newly allocated string or NULL if an allocation error occurred. */ -const char *mpw_passwordForSite( - MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter, +/** Derive the site key for a user's site from the given master key and site parameters. + * @return A new MPSiteKeySize-byte allocated buffer or NULL if an error occurred. */ +MPSiteKey mpw_siteKey( + MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter, const MPSiteVariant siteVariant, const char *siteContext, const MPAlgorithmVersion algorithmVersion); +/** Encode a password for the site from the given site key. + * @return A newly allocated string or NULL if an error occurred. */ +const char *mpw_sitePassword( + MPSiteKey siteKey, const MPSiteType siteType, const MPAlgorithmVersion algorithmVersion); + #endif // _MPW_ALGORITHM_H diff --git a/core/c/mpw-algorithm_v0.c b/core/c/mpw-algorithm_v0.c index 7ae392e0..de5684d4 100644 --- a/core/c/mpw-algorithm_v0.c +++ b/core/c/mpw-algorithm_v0.c @@ -77,15 +77,15 @@ static MPMasterKey mpw_masterKeyForUser_v0(const char *fullName, const char *mas return masterKey; } -static const char *mpw_passwordForSite_v0(MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter, +static MPSiteKey mpw_siteKey_v0( + MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter, const MPSiteVariant siteVariant, const char *siteContext) { const char *siteScope = mpw_scopeForVariant( siteVariant ); - trc( "algorithm: v%d\n", 0 ); + trc( "-- mpw_siteKey_v0\n" ); trc( "siteName: %s\n", siteName ); trc( "siteCounter: %d\n", siteCounter ); trc( "siteVariant: %d\n", siteVariant ); - trc( "siteType: %d\n", siteType ); trc( "site scope: %s, context: %s\n", siteScope, siteContext? "": siteContext ); trc( "seed from: hmac-sha256(masterKey, %s | %s | %s | %s | %s | %s)\n", siteScope, mpw_hex_l( htonl( strlen( siteName ) ) ), siteName, @@ -93,7 +93,7 @@ static const char *mpw_passwordForSite_v0(MPMasterKey masterKey, const char *sit mpw_hex_l( htonl( siteContext? strlen( siteContext ): 0 ) ), siteContext? "(null)": siteContext ); // Calculate the site seed. - // sitePasswordSeed = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext ) + // siteKey = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext ) size_t sitePasswordInfoSize = 0; uint8_t *sitePasswordInfo = NULL; mpw_push_string( &sitePasswordInfo, &sitePasswordInfoSize, siteScope ); @@ -110,31 +110,40 @@ static const char *mpw_passwordForSite_v0(MPMasterKey masterKey, const char *sit } trc( "sitePasswordInfo ID: %s\n", mpw_id_buf( sitePasswordInfo, sitePasswordInfoSize ) ); - const char *sitePasswordSeed = (const char *)mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize ); + MPSiteKey siteKey = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize ); mpw_free( sitePasswordInfo, sitePasswordInfoSize ); - if (!sitePasswordSeed) { + if (!siteKey) { ftl( "Could not allocate site seed: %d\n", errno ); return NULL; } - trc( "sitePasswordSeed ID: %s\n", mpw_id_buf( sitePasswordSeed, 32 ) ); + trc( "siteKey ID: %s\n", mpw_id_buf( siteKey, 32 ) ); + + return siteKey; +} + +static const char *mpw_sitePassword_v0( + MPSiteKey siteKey, const MPSiteType siteType) { + + trc( "-- mpw_sitePassword_v0\n" ); + trc( "siteType: %d\n", siteType ); // Determine the template. - const char *template = mpw_templateForType_v0( siteType, htons( sitePasswordSeed[0] ) ); + const char *_siteKey = (const char *)siteKey; + const char *template = mpw_templateForType_v0( siteType, htons( _siteKey[0] ) ); trc( "type %d, template: %s\n", siteType, template ); if (strlen( template ) > 32) { ftl( "Template too long for password seed: %lu", strlen( template ) ); - mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) ); + mpw_free( _siteKey, sizeof( _siteKey ) ); return NULL; } // Encode the password from the seed using the template. char *const sitePassword = calloc( strlen( template ) + 1, sizeof( char ) ); for (size_t c = 0; c < strlen( template ); ++c) { - sitePassword[c] = mpw_characterFromClass_v0( template[c], htons( sitePasswordSeed[c + 1] ) ); + sitePassword[c] = mpw_characterFromClass_v0( template[c], htons( _siteKey[c + 1] ) ); trc( "class %c, index %u (0x%02X) -> character: %c\n", - template[c], htons( sitePasswordSeed[c + 1] ), htons( sitePasswordSeed[c + 1] ), sitePassword[c] ); + template[c], htons( _siteKey[c + 1] ), htons( _siteKey[c + 1] ), sitePassword[c] ); } - mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) ); return sitePassword; } diff --git a/core/c/mpw-algorithm_v1.c b/core/c/mpw-algorithm_v1.c index 19fa8d88..6b987daa 100644 --- a/core/c/mpw-algorithm_v1.c +++ b/core/c/mpw-algorithm_v1.c @@ -26,7 +26,6 @@ #define MP_N 32768 #define MP_r 8 #define MP_p 2 -#define MP_hash PearlHashSHA256 static MPMasterKey mpw_masterKeyForUser_v1(const char *fullName, const char *masterPassword) { @@ -62,15 +61,15 @@ static MPMasterKey mpw_masterKeyForUser_v1(const char *fullName, const char *mas return masterKey; } -static const char *mpw_passwordForSite_v1(MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter, +static MPSiteKey mpw_siteKey_v1( + MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter, const MPSiteVariant siteVariant, const char *siteContext) { const char *siteScope = mpw_scopeForVariant( siteVariant ); - trc( "algorithm: v%d\n", 1 ); + trc( "-- mpw_siteKey_v1\n" ); trc( "siteName: %s\n", siteName ); trc( "siteCounter: %d\n", siteCounter ); trc( "siteVariant: %d\n", siteVariant ); - trc( "siteType: %d\n", siteType ); trc( "site scope: %s, context: %s\n", siteScope, siteContext? "": siteContext ); trc( "seed from: hmac-sha256(masterKey, %s | %s | %s | %s | %s | %s)\n", siteScope, mpw_hex_l( htonl( strlen( siteName ) ) ), siteName, @@ -78,7 +77,7 @@ static const char *mpw_passwordForSite_v1(MPMasterKey masterKey, const char *sit mpw_hex_l( htonl( siteContext? strlen( siteContext ): 0 ) ), siteContext? "(null)": siteContext ); // Calculate the site seed. - // sitePasswordSeed = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext ) + // siteKey = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext ) size_t sitePasswordInfoSize = 0; uint8_t *sitePasswordInfo = NULL; mpw_push_string( &sitePasswordInfo, &sitePasswordInfoSize, siteScope ); @@ -95,31 +94,39 @@ static const char *mpw_passwordForSite_v1(MPMasterKey masterKey, const char *sit } trc( "sitePasswordInfo ID: %s\n", mpw_id_buf( sitePasswordInfo, sitePasswordInfoSize ) ); - const uint8_t *sitePasswordSeed = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize ); + MPSiteKey siteKey = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize ); mpw_free( sitePasswordInfo, sitePasswordInfoSize ); - if (!sitePasswordSeed) { + if (!siteKey) { ftl( "Could not allocate site seed: %d\n", errno ); return NULL; } - trc( "sitePasswordSeed ID: %s\n", mpw_id_buf( sitePasswordSeed, 32 ) ); + trc( "siteKey ID: %s\n", mpw_id_buf( siteKey, 32 ) ); + + return siteKey; +} + +static const char *mpw_sitePassword_v1( + MPSiteKey siteKey, const MPSiteType siteType) { + + trc( "-- mpw_sitePassword_v1\n" ); + trc( "siteType: %d\n", siteType ); // Determine the template. - const char *template = mpw_templateForType( siteType, sitePasswordSeed[0] ); + const char *template = mpw_templateForType( siteType, siteKey[0] ); trc( "type %d, template: %s\n", siteType, template ); if (strlen( template ) > 32) { ftl( "Template too long for password seed: %lu", strlen( template ) ); - mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) ); + mpw_free( siteKey, sizeof( siteKey ) ); return NULL; } // Encode the password from the seed using the template. char *const sitePassword = calloc( strlen( template ) + 1, sizeof( char ) ); for (size_t c = 0; c < strlen( template ); ++c) { - sitePassword[c] = mpw_characterFromClass( template[c], sitePasswordSeed[c + 1] ); - trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], sitePasswordSeed[c + 1], sitePasswordSeed[c + 1], + sitePassword[c] = mpw_characterFromClass( template[c], siteKey[c + 1] ); + trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], siteKey[c + 1], siteKey[c + 1], sitePassword[c] ); } - mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) ); return sitePassword; } diff --git a/core/c/mpw-algorithm_v2.c b/core/c/mpw-algorithm_v2.c index 16354530..e59b3773 100644 --- a/core/c/mpw-algorithm_v2.c +++ b/core/c/mpw-algorithm_v2.c @@ -26,7 +26,6 @@ #define MP_N 32768 #define MP_r 8 #define MP_p 2 -#define MP_hash PearlHashSHA256 static MPMasterKey mpw_masterKeyForUser_v2(const char *fullName, const char *masterPassword) { @@ -62,15 +61,15 @@ static MPMasterKey mpw_masterKeyForUser_v2(const char *fullName, const char *mas return masterKey; } -static const char *mpw_passwordForSite_v2(MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter, +static MPSiteKey mpw_siteKey_v2( + MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter, const MPSiteVariant siteVariant, const char *siteContext) { const char *siteScope = mpw_scopeForVariant( siteVariant ); - trc( "algorithm: v%d\n", 2 ); + trc( "-- mpw_siteKey_v2\n" ); trc( "siteName: %s\n", siteName ); trc( "siteCounter: %d\n", siteCounter ); trc( "siteVariant: %d\n", siteVariant ); - trc( "siteType: %d\n", siteType ); trc( "site scope: %s, context: %s\n", siteScope, siteContext? "": siteContext ); trc( "seed from: hmac-sha256(masterKey, %s | %s | %s | %s | %s | %s)\n", siteScope, mpw_hex_l( htonl( strlen( siteName ) ) ), siteName, @@ -78,7 +77,7 @@ static const char *mpw_passwordForSite_v2(MPMasterKey masterKey, const char *sit mpw_hex_l( htonl( siteContext? strlen( siteContext ): 0 ) ), siteContext? "(null)": siteContext ); // Calculate the site seed. - // sitePasswordSeed = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext ) + // siteKey = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext ) size_t sitePasswordInfoSize = 0; uint8_t *sitePasswordInfo = NULL; mpw_push_string( &sitePasswordInfo, &sitePasswordInfoSize, siteScope ); @@ -95,31 +94,39 @@ static const char *mpw_passwordForSite_v2(MPMasterKey masterKey, const char *sit } trc( "sitePasswordInfo ID: %s\n", mpw_id_buf( sitePasswordInfo, sitePasswordInfoSize ) ); - const uint8_t *sitePasswordSeed = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize ); + const uint8_t *siteKey = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize ); mpw_free( sitePasswordInfo, sitePasswordInfoSize ); - if (!sitePasswordSeed) { + if (!siteKey) { ftl( "Could not allocate site seed: %d\n", errno ); return NULL; } - trc( "sitePasswordSeed ID: %s\n", mpw_id_buf( sitePasswordSeed, 32 ) ); + trc( "siteKey ID: %s\n", mpw_id_buf( siteKey, 32 ) ); + + return siteKey; +} + +static const char *mpw_sitePassword_v2( + MPSiteKey siteKey, const MPSiteType siteType) { + + trc( "-- mpw_sitePassword_v2\n" ); + trc( "siteType: %d\n", siteType ); // Determine the template. - const char *template = mpw_templateForType( siteType, sitePasswordSeed[0] ); + const char *template = mpw_templateForType( siteType, siteKey[0] ); trc( "type %d, template: %s\n", siteType, template ); if (strlen( template ) > 32) { ftl( "Template too long for password seed: %lu", strlen( template ) ); - mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) ); + mpw_free( siteKey, sizeof( siteKey ) ); return NULL; } // Encode the password from the seed using the template. char *const sitePassword = calloc( strlen( template ) + 1, sizeof( char ) ); for (size_t c = 0; c < strlen( template ); ++c) { - sitePassword[c] = mpw_characterFromClass( template[c], sitePasswordSeed[c + 1] ); - trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], sitePasswordSeed[c + 1], sitePasswordSeed[c + 1], + sitePassword[c] = mpw_characterFromClass( template[c], siteKey[c + 1] ); + trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], siteKey[c + 1], siteKey[c + 1], sitePassword[c] ); } - mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) ); return sitePassword; } diff --git a/core/c/mpw-algorithm_v3.c b/core/c/mpw-algorithm_v3.c index 96f48eba..5fe54e18 100644 --- a/core/c/mpw-algorithm_v3.c +++ b/core/c/mpw-algorithm_v3.c @@ -26,12 +26,11 @@ #define MP_N 32768 #define MP_r 8 #define MP_p 2 -#define MP_hash PearlHashSHA256 static MPMasterKey mpw_masterKeyForUser_v3(const char *fullName, const char *masterPassword) { const char *mpKeyScope = mpw_scopeForVariant( MPSiteVariantPassword ); - trc( "algorithm: v%d\n", 3 ); + trc( "-- mpw_masterKeyForUser_v3\n" ); trc( "fullName: %s (%zu)\n", fullName, strlen( fullName ) ); trc( "masterPassword: %s\n", masterPassword ); trc( "key scope: %s\n", mpKeyScope ); @@ -62,15 +61,15 @@ static MPMasterKey mpw_masterKeyForUser_v3(const char *fullName, const char *mas return masterKey; } -static const char *mpw_passwordForSite_v3(MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter, +static MPSiteKey mpw_siteKey_v3( + MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter, const MPSiteVariant siteVariant, const char *siteContext) { const char *siteScope = mpw_scopeForVariant( siteVariant ); - trc( "algorithm: v%d\n", 3 ); + trc( "-- mpw_siteKey_v3\n" ); trc( "siteName: %s\n", siteName ); trc( "siteCounter: %d\n", siteCounter ); trc( "siteVariant: %d\n", siteVariant ); - trc( "siteType: %d\n", siteType ); trc( "site scope: %s, context: %s\n", siteScope, siteContext? "": siteContext ); trc( "seed from: hmac-sha256(masterKey, %s | %s | %s | %s | %s | %s)\n", siteScope, mpw_hex_l( htonl( strlen( siteName ) ) ), siteName, @@ -78,7 +77,7 @@ static const char *mpw_passwordForSite_v3(MPMasterKey masterKey, const char *sit mpw_hex_l( htonl( siteContext? strlen( siteContext ): 0 ) ), siteContext? "(null)": siteContext ); // Calculate the site seed. - // sitePasswordSeed = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext ) + // siteKey = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext ) size_t sitePasswordInfoSize = 0; uint8_t *sitePasswordInfo = NULL; mpw_push_string( &sitePasswordInfo, &sitePasswordInfoSize, siteScope ); @@ -95,31 +94,39 @@ static const char *mpw_passwordForSite_v3(MPMasterKey masterKey, const char *sit } trc( "sitePasswordInfo ID: %s\n", mpw_id_buf( sitePasswordInfo, sitePasswordInfoSize ) ); - const uint8_t *sitePasswordSeed = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize ); + MPSiteKey siteKey = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize ); mpw_free( sitePasswordInfo, sitePasswordInfoSize ); - if (!sitePasswordSeed) { + if (!siteKey) { ftl( "Could not allocate site seed: %d\n", errno ); return NULL; } - trc( "sitePasswordSeed ID: %s\n", mpw_id_buf( sitePasswordSeed, 32 ) ); + trc( "siteKey ID: %s\n", mpw_id_buf( siteKey, 32 ) ); + + return siteKey; +} + +static const char *mpw_sitePassword_v3( + MPSiteKey siteKey, const MPSiteType siteType) { + + trc( "-- mpw_sitePassword_v3\n" ); + trc( "siteType: %d\n", siteType ); // Determine the template. - const char *template = mpw_templateForType( siteType, sitePasswordSeed[0] ); + const char *template = mpw_templateForType( siteType, siteKey[0] ); trc( "type %d, template: %s\n", siteType, template ); if (strlen( template ) > 32) { ftl( "Template too long for password seed: %lu", strlen( template ) ); - mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) ); + mpw_free( siteKey, sizeof( siteKey ) ); return NULL; } // Encode the password from the seed using the template. char *const sitePassword = calloc( strlen( template ) + 1, sizeof( char ) ); for (size_t c = 0; c < strlen( template ); ++c) { - sitePassword[c] = mpw_characterFromClass( template[c], sitePasswordSeed[c + 1] ); - trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], sitePasswordSeed[c + 1], sitePasswordSeed[c + 1], + sitePassword[c] = mpw_characterFromClass( template[c], siteKey[c + 1] ); + trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], siteKey[c + 1], siteKey[c + 1], sitePassword[c] ); } - mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) ); return sitePassword; } diff --git a/core/c/mpw-marshall-util.c b/core/c/mpw-marshall-util.c index 885340e3..438ed048 100644 --- a/core/c/mpw-marshall-util.c +++ b/core/c/mpw-marshall-util.c @@ -102,7 +102,7 @@ bool mpw_update_masterKey(MPMasterKey *masterKey, MPAlgorithmVersion *masterKeyA if (*masterKeyAlgorithm != targetKeyAlgorithm) { mpw_free( *masterKey, MPMasterKeySize ); *masterKeyAlgorithm = targetKeyAlgorithm; - *masterKey = mpw_masterKeyForUser( + *masterKey = mpw_masterKey( fullName, masterPassword, *masterKeyAlgorithm ); if (!*masterKey) { err( "Couldn't derive master key for user %s, algorithm %d.\n", fullName, *masterKeyAlgorithm ); diff --git a/core/c/mpw-marshall.c b/core/c/mpw-marshall.c index 8576fa00..65380b12 100644 --- a/core/c/mpw-marshall.c +++ b/core/c/mpw-marshall.c @@ -170,8 +170,11 @@ static bool mpw_marshall_write_flat( return false; } - if (site.type & MPSiteTypeClassGenerated) - content = mpw_passwordForSite( masterKey, site.name, site.type, site.counter, MPSiteVariantPassword, NULL, site.algorithm ); + if (site.type & MPSiteTypeClassGenerated) { + MPSiteKey siteKey = mpw_siteKey( masterKey, site.name, site.counter, MPSiteVariantPassword, NULL, site.algorithm ); + content = mpw_sitePassword( siteKey, site.type, site.algorithm ); + mpw_free( siteKey, MPSiteKeySize ); + } else if (content) { // TODO: Decrypt Personal Passwords //content = aes128_cbc( masterKey, content ); @@ -250,8 +253,11 @@ static bool mpw_marshall_write_json( return false; } - if (site.type & MPSiteTypeClassGenerated) - content = mpw_passwordForSite( masterKey, site.name, site.type, site.counter, MPSiteVariantPassword, NULL, site.algorithm ); + if (site.type & MPSiteTypeClassGenerated) { + MPSiteKey siteKey = mpw_siteKey( masterKey, site.name, site.counter, MPSiteVariantPassword, NULL, site.algorithm ); + content = mpw_sitePassword( siteKey, site.type, site.algorithm ); + mpw_free( siteKey, MPSiteKeySize ); + } else if (content) { // TODO: Decrypt Personal Passwords //content = aes128_cbc( masterKey, content ); @@ -284,8 +290,9 @@ static bool mpw_marshall_write_json( json_object_object_add( json_site_questions, question.keyword, json_site_question ); if (!user->redacted) { - const char *answer = mpw_passwordForSite( masterKey, site.name, MPSiteTypeGeneratedPhrase, 1, - MPSiteVariantAnswer, question.keyword, site.algorithm ); + MPSiteKey siteKey = mpw_siteKey( masterKey, site.name, 1, MPSiteVariantAnswer, question.keyword, site.algorithm ); + const char *answer = mpw_sitePassword( siteKey, MPSiteTypeGeneratedPhrase, site.algorithm ); + mpw_free( siteKey, MPSiteKeySize ); if (answer) json_object_object_add( json_site_question, "answer", json_object_new_string( answer ) ); } diff --git a/core/c/mpw-types.h b/core/c/mpw-types.h index e6043e85..9d557fe2 100644 --- a/core/c/mpw-types.h +++ b/core/c/mpw-types.h @@ -33,7 +33,9 @@ #define MPMasterKeySize 64 typedef const uint8_t *MPMasterKey; -typedef const char *MPMasterKeyID; +#define MPSiteKeySize 256 / 8 // Bytes in HMAC-SHA-256 +typedef const uint8_t *MPSiteKey; +typedef const char *MPKeyID; typedef enum( unsigned int, MPSiteVariant ) { /** Generate a key for authentication. */ diff --git a/core/c/mpw-util.c b/core/c/mpw-util.c index 67807cee..465755be 100644 --- a/core/c/mpw-util.c +++ b/core/c/mpw-util.c @@ -136,7 +136,10 @@ uint8_t const *mpw_hmac_sha256(const uint8_t *key, const size_t keySize, const u return NULL; } -const char *mpw_id_buf(const void *buf, size_t length) { +MPKeyID mpw_id_buf(const void *buf, size_t length) { + + if (!buf) + return ""; #if HAS_CPERCIVA uint8_t hash[32]; diff --git a/core/c/mpw-util.h b/core/c/mpw-util.h index d0197453..e7475313 100644 --- a/core/c/mpw-util.h +++ b/core/c/mpw-util.h @@ -122,7 +122,7 @@ const char *mpw_hex(const void *buf, size_t length); const char *mpw_hex_l(uint32_t number); /** Encode a fingerprint for a buffer. * @return A C-string in a reused buffer, do not free or store it. */ -const char *mpw_id_buf(const void *buf, size_t length); +MPKeyID mpw_id_buf(const void *buf, size_t length); /** Compare two fingerprints for equality. * @return true if the buffers represent identical fingerprints. */ bool mpw_id_buf_equals(const char *id1, const char *id2); diff --git a/platform-darwin/Source/MPAlgorithmV0.m b/platform-darwin/Source/MPAlgorithmV0.m index 03c23e1e..f5c065d5 100644 --- a/platform-darwin/Source/MPAlgorithmV0.m +++ b/platform-darwin/Source/MPAlgorithmV0.m @@ -128,7 +128,7 @@ static NSOperationQueue *_mpwQueue = nil; __block NSData *keyData; [self mpw_perform:^{ NSDate *start = [NSDate date]; - MPMasterKey masterKey = mpw_masterKeyForUser( fullName.UTF8String, masterPassword.UTF8String, [self version] ); + MPMasterKey masterKey = mpw_masterKey( fullName.UTF8String, masterPassword.UTF8String, [self version] ); if (masterKey) { keyData = [NSData dataWithBytes:masterKey length:MPMasterKeySize]; trc( @"User: %@, password: %@ derives to key ID: %@ (took %0.2fs)", // diff --git a/platform-independent/cli-c/cli/mpw-bench.c b/platform-independent/cli-c/cli/mpw-bench.c index 737dc437..ed0eb4a7 100644 --- a/platform-independent/cli-c/cli/mpw-bench.c +++ b/platform-independent/cli-c/cli/mpw-bench.c @@ -64,7 +64,7 @@ int main(int argc, char *const argv[]) { // Similar to phase-two of mpw uint8_t *sitePasswordInfo = malloc( 128 ); iterations = 3000000; - masterKey = mpw_masterKeyForUser( fullName, masterPassword, MPAlgorithmVersionCurrent ); + masterKey = mpw_masterKey( fullName, masterPassword, MPAlgorithmVersionCurrent ); if (!masterKey) ftl( "Could not allocate master key: %d\n", errno ); mpw_getTime( &startTime ); @@ -95,7 +95,7 @@ int main(int argc, char *const argv[]) { iterations = 50; mpw_getTime( &startTime ); for (int i = 1; i <= iterations; ++i) { - free( (void *)mpw_masterKeyForUser( fullName, masterPassword, MPAlgorithmVersionCurrent ) ); + free( (void *)mpw_masterKey( fullName, masterPassword, MPAlgorithmVersionCurrent ) ); if (modff(100.f * i / iterations, &percent) == 0) fprintf( stderr, "\rscrypt_mpw: iteration %d / %d (%.0f%%)..", i, iterations, percent ); @@ -107,13 +107,16 @@ int main(int argc, char *const argv[]) { iterations = 50; mpw_getTime( &startTime ); for (int i = 1; i <= iterations; ++i) { - masterKey = mpw_masterKeyForUser( fullName, masterPassword, MPAlgorithmVersionCurrent ); + masterKey = mpw_masterKey( fullName, masterPassword, MPAlgorithmVersionCurrent ); if (!masterKey) ftl( "Could not allocate master key: %d\n", errno ); - free( (void *)mpw_passwordForSite( - masterKey, siteName, siteType, siteCounter, siteVariant, siteContext, MPAlgorithmVersionCurrent ) ); + MPSiteKey siteKey = mpw_siteKey( + masterKey, siteName, siteCounter, siteVariant, siteContext, MPAlgorithmVersionCurrent ); + free( (void *)mpw_sitePassword( + siteKey, siteType, MPAlgorithmVersionCurrent ) ); free( (void *)masterKey ); + free( (void *)siteKey ); if (modff(100.f * i / iterations, &percent) == 0) fprintf( stderr, "\rmpw: iteration %d / %d (%.0f%%)..", i, iterations, percent ); diff --git a/platform-independent/cli-c/cli/mpw-cli.c b/platform-independent/cli-c/cli/mpw-cli.c index ba14b029..c06adaf8 100644 --- a/platform-independent/cli-c/cli/mpw-cli.c +++ b/platform-independent/cli-c/cli/mpw-cli.c @@ -311,16 +311,17 @@ int main(int argc, char *const argv[]) { mpw_free_string( identicon ); // Output the password. - MPMasterKey masterKey = mpw_masterKeyForUser( + MPMasterKey masterKey = mpw_masterKey( fullName, masterPassword, algorithmVersion ); mpw_free_string( masterPassword ); mpw_free_string( fullName ); if (!masterKey) ftl( "Couldn't derive master key." ); - const char *sitePassword = mpw_passwordForSite( - masterKey, siteName, siteType, siteCounter, siteVariant, siteContextArg, algorithmVersion ); + MPSiteKey siteKey = mpw_siteKey( masterKey, siteName, siteCounter, siteVariant, siteContextArg, algorithmVersion ); + const char *sitePassword = mpw_sitePassword(siteKey, siteType, algorithmVersion ); mpw_free( masterKey, MPMasterKeySize ); + mpw_free( siteKey, MPSiteKeySize ); mpw_free_string( siteName ); if (!sitePassword) ftl( "Couldn't derive site password." ); diff --git a/platform-independent/cli-c/cli/mpw-tests.c b/platform-independent/cli-c/cli/mpw-tests.c index 47d4ae35..dbf9315e 100644 --- a/platform-independent/cli-c/cli/mpw-tests.c +++ b/platform-independent/cli-c/cli/mpw-tests.c @@ -24,7 +24,7 @@ int main(int argc, char *const argv[]) { // Read in the test case. xmlChar *id = mpw_xmlTestCaseString( testCase, "id" ); - uint32_t algorithm = mpw_xmlTestCaseInteger( testCase, "algorithm" ); + MPAlgorithmVersion algorithm = (MPAlgorithmVersion)mpw_xmlTestCaseInteger( testCase, "algorithm" ); xmlChar *fullName = mpw_xmlTestCaseString( testCase, "fullName" ); xmlChar *masterPassword = mpw_xmlTestCaseString( testCase, "masterPassword" ); xmlChar *keyID = mpw_xmlTestCaseString( testCase, "keyID" ); @@ -46,15 +46,18 @@ int main(int argc, char *const argv[]) { } // 1. calculate the master key. - MPMasterKey masterKey = mpw_masterKeyForUser( + MPMasterKey masterKey = mpw_masterKey( (char *)fullName, (char *)masterPassword, algorithm ); if (!masterKey) ftl( "Couldn't derive master key." ); // 2. calculate the site password. - const char *sitePassword = mpw_passwordForSite( - masterKey, (char *)siteName, siteType, siteCounter, siteVariant, (char *)siteContext, algorithm ); + MPSiteKey siteKey = mpw_siteKey( + masterKey, (char *)siteName, siteCounter, siteVariant, (char *)siteContext, algorithm ); + const char *sitePassword = mpw_sitePassword( + siteKey, siteType, algorithm ); mpw_free( masterKey, MPMasterKeySize ); + mpw_free( siteKey, MPSiteKeySize ); if (!sitePassword) ftl( "Couldn't derive site password." );