2
0

Split the API into the three distinct phases of the mpw algorithm.

This commit is contained in:
Maarten Billemont 2017-08-01 08:31:39 -04:00
parent 13107063df
commit 3c5cb1673a
15 changed files with 163 additions and 92 deletions

View File

@ -22,12 +22,7 @@
#include "mpw-algorithm_v2.c" #include "mpw-algorithm_v2.c"
#include "mpw-algorithm_v3.c" #include "mpw-algorithm_v3.c"
#define MP_N 32768 MPMasterKey mpw_masterKey(const char *fullName, const char *masterPassword, const MPAlgorithmVersion algorithmVersion) {
#define MP_r 8
#define MP_p 2
#define MP_hash PearlHashSHA256
MPMasterKey mpw_masterKeyForUser(const char *fullName, const char *masterPassword, const MPAlgorithmVersion algorithmVersion) {
if (!fullName || !masterPassword) if (!fullName || !masterPassword)
return NULL; return NULL;
@ -47,7 +42,8 @@ MPMasterKey mpw_masterKeyForUser(const char *fullName, const char *masterPasswor
} }
} }
const char *mpw_passwordForSite(MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter, MPSiteKey mpw_siteKey(
MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter,
const MPSiteVariant siteVariant, const char *siteContext, const MPAlgorithmVersion algorithmVersion) { const MPSiteVariant siteVariant, const char *siteContext, const MPAlgorithmVersion algorithmVersion) {
if (!masterKey || !siteName) if (!masterKey || !siteName)
@ -55,13 +51,34 @@ const char *mpw_passwordForSite(MPMasterKey masterKey, const char *siteName, con
switch (algorithmVersion) { switch (algorithmVersion) {
case MPAlgorithmVersion0: case MPAlgorithmVersion0:
return mpw_passwordForSite_v0( masterKey, siteName, siteType, siteCounter, siteVariant, siteContext ); return mpw_siteKey_v0( masterKey, siteName, siteCounter, siteVariant, siteContext );
case MPAlgorithmVersion1: case MPAlgorithmVersion1:
return mpw_passwordForSite_v1( masterKey, siteName, siteType, siteCounter, siteVariant, siteContext ); return mpw_siteKey_v1( masterKey, siteName, siteCounter, siteVariant, siteContext );
case MPAlgorithmVersion2: case MPAlgorithmVersion2:
return mpw_passwordForSite_v2( masterKey, siteName, siteType, siteCounter, siteVariant, siteContext ); return mpw_siteKey_v2( masterKey, siteName, siteCounter, siteVariant, siteContext );
case MPAlgorithmVersion3: case MPAlgorithmVersion3:
return mpw_passwordForSite_v3( masterKey, siteName, siteType, siteCounter, siteVariant, siteContext ); return mpw_siteKey_v3( masterKey, siteName, siteCounter, siteVariant, siteContext );
default:
ftl( "Unsupported version: %d", algorithmVersion );
return NULL;
}
}
const char *mpw_sitePassword(
MPSiteKey siteKey, const MPSiteType siteType, const MPAlgorithmVersion algorithmVersion) {
if (!siteKey)
return NULL;
switch (algorithmVersion) {
case MPAlgorithmVersion0:
return mpw_sitePassword_v0( siteKey, siteType );
case MPAlgorithmVersion1:
return mpw_sitePassword_v1( siteKey, siteType );
case MPAlgorithmVersion2:
return mpw_sitePassword_v2( siteKey, siteType );
case MPAlgorithmVersion3:
return mpw_sitePassword_v3( siteKey, siteType );
default: default:
ftl( "Unsupported version: %d", algorithmVersion ); ftl( "Unsupported version: %d", algorithmVersion );
return NULL; return NULL;

View File

@ -38,14 +38,19 @@ typedef enum( unsigned int, MPAlgorithmVersion ) {
}; };
/** Derive the master key for a user based on their name and master password. /** Derive the master key for a user based on their name and master password.
* @return A new MP_dkLen-byte allocated buffer or NULL if an allocation error occurred. */ * @return A new MPMasterKeySize-byte allocated buffer or NULL if an error occurred. */
MPMasterKey mpw_masterKeyForUser( MPMasterKey mpw_masterKey(
const char *fullName, const char *masterPassword, const MPAlgorithmVersion algorithmVersion); const char *fullName, const char *masterPassword, const MPAlgorithmVersion algorithmVersion);
/** Encode a password for the site from the given master key and site parameters. /** Derive the site key for a user's site from the given master key and site parameters.
* @return A newly allocated string or NULL if an allocation error occurred. */ * @return A new MPSiteKeySize-byte allocated buffer or NULL if an error occurred. */
const char *mpw_passwordForSite( MPSiteKey mpw_siteKey(
MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter, MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter,
const MPSiteVariant siteVariant, const char *siteContext, const MPAlgorithmVersion algorithmVersion); const MPSiteVariant siteVariant, const char *siteContext, const MPAlgorithmVersion algorithmVersion);
/** Encode a password for the site from the given site key.
* @return A newly allocated string or NULL if an error occurred. */
const char *mpw_sitePassword(
MPSiteKey siteKey, const MPSiteType siteType, const MPAlgorithmVersion algorithmVersion);
#endif // _MPW_ALGORITHM_H #endif // _MPW_ALGORITHM_H

View File

@ -77,15 +77,15 @@ static MPMasterKey mpw_masterKeyForUser_v0(const char *fullName, const char *mas
return masterKey; return masterKey;
} }
static const char *mpw_passwordForSite_v0(MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter, static MPSiteKey mpw_siteKey_v0(
MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter,
const MPSiteVariant siteVariant, const char *siteContext) { const MPSiteVariant siteVariant, const char *siteContext) {
const char *siteScope = mpw_scopeForVariant( siteVariant ); const char *siteScope = mpw_scopeForVariant( siteVariant );
trc( "algorithm: v%d\n", 0 ); trc( "-- mpw_siteKey_v0\n" );
trc( "siteName: %s\n", siteName ); trc( "siteName: %s\n", siteName );
trc( "siteCounter: %d\n", siteCounter ); trc( "siteCounter: %d\n", siteCounter );
trc( "siteVariant: %d\n", siteVariant ); trc( "siteVariant: %d\n", siteVariant );
trc( "siteType: %d\n", siteType );
trc( "site scope: %s, context: %s\n", siteScope, siteContext? "<empty>": siteContext ); trc( "site scope: %s, context: %s\n", siteScope, siteContext? "<empty>": siteContext );
trc( "seed from: hmac-sha256(masterKey, %s | %s | %s | %s | %s | %s)\n", trc( "seed from: hmac-sha256(masterKey, %s | %s | %s | %s | %s | %s)\n",
siteScope, mpw_hex_l( htonl( strlen( siteName ) ) ), siteName, siteScope, mpw_hex_l( htonl( strlen( siteName ) ) ), siteName,
@ -93,7 +93,7 @@ static const char *mpw_passwordForSite_v0(MPMasterKey masterKey, const char *sit
mpw_hex_l( htonl( siteContext? strlen( siteContext ): 0 ) ), siteContext? "(null)": siteContext ); mpw_hex_l( htonl( siteContext? strlen( siteContext ): 0 ) ), siteContext? "(null)": siteContext );
// Calculate the site seed. // Calculate the site seed.
// sitePasswordSeed = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext ) // siteKey = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext )
size_t sitePasswordInfoSize = 0; size_t sitePasswordInfoSize = 0;
uint8_t *sitePasswordInfo = NULL; uint8_t *sitePasswordInfo = NULL;
mpw_push_string( &sitePasswordInfo, &sitePasswordInfoSize, siteScope ); mpw_push_string( &sitePasswordInfo, &sitePasswordInfoSize, siteScope );
@ -110,31 +110,40 @@ static const char *mpw_passwordForSite_v0(MPMasterKey masterKey, const char *sit
} }
trc( "sitePasswordInfo ID: %s\n", mpw_id_buf( sitePasswordInfo, sitePasswordInfoSize ) ); trc( "sitePasswordInfo ID: %s\n", mpw_id_buf( sitePasswordInfo, sitePasswordInfoSize ) );
const char *sitePasswordSeed = (const char *)mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize ); MPSiteKey siteKey = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize );
mpw_free( sitePasswordInfo, sitePasswordInfoSize ); mpw_free( sitePasswordInfo, sitePasswordInfoSize );
if (!sitePasswordSeed) { if (!siteKey) {
ftl( "Could not allocate site seed: %d\n", errno ); ftl( "Could not allocate site seed: %d\n", errno );
return NULL; return NULL;
} }
trc( "sitePasswordSeed ID: %s\n", mpw_id_buf( sitePasswordSeed, 32 ) ); trc( "siteKey ID: %s\n", mpw_id_buf( siteKey, 32 ) );
return siteKey;
}
static const char *mpw_sitePassword_v0(
MPSiteKey siteKey, const MPSiteType siteType) {
trc( "-- mpw_sitePassword_v0\n" );
trc( "siteType: %d\n", siteType );
// Determine the template. // Determine the template.
const char *template = mpw_templateForType_v0( siteType, htons( sitePasswordSeed[0] ) ); const char *_siteKey = (const char *)siteKey;
const char *template = mpw_templateForType_v0( siteType, htons( _siteKey[0] ) );
trc( "type %d, template: %s\n", siteType, template ); trc( "type %d, template: %s\n", siteType, template );
if (strlen( template ) > 32) { if (strlen( template ) > 32) {
ftl( "Template too long for password seed: %lu", strlen( template ) ); ftl( "Template too long for password seed: %lu", strlen( template ) );
mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) ); mpw_free( _siteKey, sizeof( _siteKey ) );
return NULL; return NULL;
} }
// Encode the password from the seed using the template. // Encode the password from the seed using the template.
char *const sitePassword = calloc( strlen( template ) + 1, sizeof( char ) ); char *const sitePassword = calloc( strlen( template ) + 1, sizeof( char ) );
for (size_t c = 0; c < strlen( template ); ++c) { for (size_t c = 0; c < strlen( template ); ++c) {
sitePassword[c] = mpw_characterFromClass_v0( template[c], htons( sitePasswordSeed[c + 1] ) ); sitePassword[c] = mpw_characterFromClass_v0( template[c], htons( _siteKey[c + 1] ) );
trc( "class %c, index %u (0x%02X) -> character: %c\n", trc( "class %c, index %u (0x%02X) -> character: %c\n",
template[c], htons( sitePasswordSeed[c + 1] ), htons( sitePasswordSeed[c + 1] ), sitePassword[c] ); template[c], htons( _siteKey[c + 1] ), htons( _siteKey[c + 1] ), sitePassword[c] );
} }
mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) );
return sitePassword; return sitePassword;
} }

View File

@ -26,7 +26,6 @@
#define MP_N 32768 #define MP_N 32768
#define MP_r 8 #define MP_r 8
#define MP_p 2 #define MP_p 2
#define MP_hash PearlHashSHA256
static MPMasterKey mpw_masterKeyForUser_v1(const char *fullName, const char *masterPassword) { static MPMasterKey mpw_masterKeyForUser_v1(const char *fullName, const char *masterPassword) {
@ -62,15 +61,15 @@ static MPMasterKey mpw_masterKeyForUser_v1(const char *fullName, const char *mas
return masterKey; return masterKey;
} }
static const char *mpw_passwordForSite_v1(MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter, static MPSiteKey mpw_siteKey_v1(
MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter,
const MPSiteVariant siteVariant, const char *siteContext) { const MPSiteVariant siteVariant, const char *siteContext) {
const char *siteScope = mpw_scopeForVariant( siteVariant ); const char *siteScope = mpw_scopeForVariant( siteVariant );
trc( "algorithm: v%d\n", 1 ); trc( "-- mpw_siteKey_v1\n" );
trc( "siteName: %s\n", siteName ); trc( "siteName: %s\n", siteName );
trc( "siteCounter: %d\n", siteCounter ); trc( "siteCounter: %d\n", siteCounter );
trc( "siteVariant: %d\n", siteVariant ); trc( "siteVariant: %d\n", siteVariant );
trc( "siteType: %d\n", siteType );
trc( "site scope: %s, context: %s\n", siteScope, siteContext? "<empty>": siteContext ); trc( "site scope: %s, context: %s\n", siteScope, siteContext? "<empty>": siteContext );
trc( "seed from: hmac-sha256(masterKey, %s | %s | %s | %s | %s | %s)\n", trc( "seed from: hmac-sha256(masterKey, %s | %s | %s | %s | %s | %s)\n",
siteScope, mpw_hex_l( htonl( strlen( siteName ) ) ), siteName, siteScope, mpw_hex_l( htonl( strlen( siteName ) ) ), siteName,
@ -78,7 +77,7 @@ static const char *mpw_passwordForSite_v1(MPMasterKey masterKey, const char *sit
mpw_hex_l( htonl( siteContext? strlen( siteContext ): 0 ) ), siteContext? "(null)": siteContext ); mpw_hex_l( htonl( siteContext? strlen( siteContext ): 0 ) ), siteContext? "(null)": siteContext );
// Calculate the site seed. // Calculate the site seed.
// sitePasswordSeed = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext ) // siteKey = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext )
size_t sitePasswordInfoSize = 0; size_t sitePasswordInfoSize = 0;
uint8_t *sitePasswordInfo = NULL; uint8_t *sitePasswordInfo = NULL;
mpw_push_string( &sitePasswordInfo, &sitePasswordInfoSize, siteScope ); mpw_push_string( &sitePasswordInfo, &sitePasswordInfoSize, siteScope );
@ -95,31 +94,39 @@ static const char *mpw_passwordForSite_v1(MPMasterKey masterKey, const char *sit
} }
trc( "sitePasswordInfo ID: %s\n", mpw_id_buf( sitePasswordInfo, sitePasswordInfoSize ) ); trc( "sitePasswordInfo ID: %s\n", mpw_id_buf( sitePasswordInfo, sitePasswordInfoSize ) );
const uint8_t *sitePasswordSeed = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize ); MPSiteKey siteKey = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize );
mpw_free( sitePasswordInfo, sitePasswordInfoSize ); mpw_free( sitePasswordInfo, sitePasswordInfoSize );
if (!sitePasswordSeed) { if (!siteKey) {
ftl( "Could not allocate site seed: %d\n", errno ); ftl( "Could not allocate site seed: %d\n", errno );
return NULL; return NULL;
} }
trc( "sitePasswordSeed ID: %s\n", mpw_id_buf( sitePasswordSeed, 32 ) ); trc( "siteKey ID: %s\n", mpw_id_buf( siteKey, 32 ) );
return siteKey;
}
static const char *mpw_sitePassword_v1(
MPSiteKey siteKey, const MPSiteType siteType) {
trc( "-- mpw_sitePassword_v1\n" );
trc( "siteType: %d\n", siteType );
// Determine the template. // Determine the template.
const char *template = mpw_templateForType( siteType, sitePasswordSeed[0] ); const char *template = mpw_templateForType( siteType, siteKey[0] );
trc( "type %d, template: %s\n", siteType, template ); trc( "type %d, template: %s\n", siteType, template );
if (strlen( template ) > 32) { if (strlen( template ) > 32) {
ftl( "Template too long for password seed: %lu", strlen( template ) ); ftl( "Template too long for password seed: %lu", strlen( template ) );
mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) ); mpw_free( siteKey, sizeof( siteKey ) );
return NULL; return NULL;
} }
// Encode the password from the seed using the template. // Encode the password from the seed using the template.
char *const sitePassword = calloc( strlen( template ) + 1, sizeof( char ) ); char *const sitePassword = calloc( strlen( template ) + 1, sizeof( char ) );
for (size_t c = 0; c < strlen( template ); ++c) { for (size_t c = 0; c < strlen( template ); ++c) {
sitePassword[c] = mpw_characterFromClass( template[c], sitePasswordSeed[c + 1] ); sitePassword[c] = mpw_characterFromClass( template[c], siteKey[c + 1] );
trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], sitePasswordSeed[c + 1], sitePasswordSeed[c + 1], trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], siteKey[c + 1], siteKey[c + 1],
sitePassword[c] ); sitePassword[c] );
} }
mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) );
return sitePassword; return sitePassword;
} }

View File

@ -26,7 +26,6 @@
#define MP_N 32768 #define MP_N 32768
#define MP_r 8 #define MP_r 8
#define MP_p 2 #define MP_p 2
#define MP_hash PearlHashSHA256
static MPMasterKey mpw_masterKeyForUser_v2(const char *fullName, const char *masterPassword) { static MPMasterKey mpw_masterKeyForUser_v2(const char *fullName, const char *masterPassword) {
@ -62,15 +61,15 @@ static MPMasterKey mpw_masterKeyForUser_v2(const char *fullName, const char *mas
return masterKey; return masterKey;
} }
static const char *mpw_passwordForSite_v2(MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter, static MPSiteKey mpw_siteKey_v2(
MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter,
const MPSiteVariant siteVariant, const char *siteContext) { const MPSiteVariant siteVariant, const char *siteContext) {
const char *siteScope = mpw_scopeForVariant( siteVariant ); const char *siteScope = mpw_scopeForVariant( siteVariant );
trc( "algorithm: v%d\n", 2 ); trc( "-- mpw_siteKey_v2\n" );
trc( "siteName: %s\n", siteName ); trc( "siteName: %s\n", siteName );
trc( "siteCounter: %d\n", siteCounter ); trc( "siteCounter: %d\n", siteCounter );
trc( "siteVariant: %d\n", siteVariant ); trc( "siteVariant: %d\n", siteVariant );
trc( "siteType: %d\n", siteType );
trc( "site scope: %s, context: %s\n", siteScope, siteContext? "<empty>": siteContext ); trc( "site scope: %s, context: %s\n", siteScope, siteContext? "<empty>": siteContext );
trc( "seed from: hmac-sha256(masterKey, %s | %s | %s | %s | %s | %s)\n", trc( "seed from: hmac-sha256(masterKey, %s | %s | %s | %s | %s | %s)\n",
siteScope, mpw_hex_l( htonl( strlen( siteName ) ) ), siteName, siteScope, mpw_hex_l( htonl( strlen( siteName ) ) ), siteName,
@ -78,7 +77,7 @@ static const char *mpw_passwordForSite_v2(MPMasterKey masterKey, const char *sit
mpw_hex_l( htonl( siteContext? strlen( siteContext ): 0 ) ), siteContext? "(null)": siteContext ); mpw_hex_l( htonl( siteContext? strlen( siteContext ): 0 ) ), siteContext? "(null)": siteContext );
// Calculate the site seed. // Calculate the site seed.
// sitePasswordSeed = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext ) // siteKey = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext )
size_t sitePasswordInfoSize = 0; size_t sitePasswordInfoSize = 0;
uint8_t *sitePasswordInfo = NULL; uint8_t *sitePasswordInfo = NULL;
mpw_push_string( &sitePasswordInfo, &sitePasswordInfoSize, siteScope ); mpw_push_string( &sitePasswordInfo, &sitePasswordInfoSize, siteScope );
@ -95,31 +94,39 @@ static const char *mpw_passwordForSite_v2(MPMasterKey masterKey, const char *sit
} }
trc( "sitePasswordInfo ID: %s\n", mpw_id_buf( sitePasswordInfo, sitePasswordInfoSize ) ); trc( "sitePasswordInfo ID: %s\n", mpw_id_buf( sitePasswordInfo, sitePasswordInfoSize ) );
const uint8_t *sitePasswordSeed = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize ); const uint8_t *siteKey = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize );
mpw_free( sitePasswordInfo, sitePasswordInfoSize ); mpw_free( sitePasswordInfo, sitePasswordInfoSize );
if (!sitePasswordSeed) { if (!siteKey) {
ftl( "Could not allocate site seed: %d\n", errno ); ftl( "Could not allocate site seed: %d\n", errno );
return NULL; return NULL;
} }
trc( "sitePasswordSeed ID: %s\n", mpw_id_buf( sitePasswordSeed, 32 ) ); trc( "siteKey ID: %s\n", mpw_id_buf( siteKey, 32 ) );
return siteKey;
}
static const char *mpw_sitePassword_v2(
MPSiteKey siteKey, const MPSiteType siteType) {
trc( "-- mpw_sitePassword_v2\n" );
trc( "siteType: %d\n", siteType );
// Determine the template. // Determine the template.
const char *template = mpw_templateForType( siteType, sitePasswordSeed[0] ); const char *template = mpw_templateForType( siteType, siteKey[0] );
trc( "type %d, template: %s\n", siteType, template ); trc( "type %d, template: %s\n", siteType, template );
if (strlen( template ) > 32) { if (strlen( template ) > 32) {
ftl( "Template too long for password seed: %lu", strlen( template ) ); ftl( "Template too long for password seed: %lu", strlen( template ) );
mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) ); mpw_free( siteKey, sizeof( siteKey ) );
return NULL; return NULL;
} }
// Encode the password from the seed using the template. // Encode the password from the seed using the template.
char *const sitePassword = calloc( strlen( template ) + 1, sizeof( char ) ); char *const sitePassword = calloc( strlen( template ) + 1, sizeof( char ) );
for (size_t c = 0; c < strlen( template ); ++c) { for (size_t c = 0; c < strlen( template ); ++c) {
sitePassword[c] = mpw_characterFromClass( template[c], sitePasswordSeed[c + 1] ); sitePassword[c] = mpw_characterFromClass( template[c], siteKey[c + 1] );
trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], sitePasswordSeed[c + 1], sitePasswordSeed[c + 1], trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], siteKey[c + 1], siteKey[c + 1],
sitePassword[c] ); sitePassword[c] );
} }
mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) );
return sitePassword; return sitePassword;
} }

View File

@ -26,12 +26,11 @@
#define MP_N 32768 #define MP_N 32768
#define MP_r 8 #define MP_r 8
#define MP_p 2 #define MP_p 2
#define MP_hash PearlHashSHA256
static MPMasterKey mpw_masterKeyForUser_v3(const char *fullName, const char *masterPassword) { static MPMasterKey mpw_masterKeyForUser_v3(const char *fullName, const char *masterPassword) {
const char *mpKeyScope = mpw_scopeForVariant( MPSiteVariantPassword ); const char *mpKeyScope = mpw_scopeForVariant( MPSiteVariantPassword );
trc( "algorithm: v%d\n", 3 ); trc( "-- mpw_masterKeyForUser_v3\n" );
trc( "fullName: %s (%zu)\n", fullName, strlen( fullName ) ); trc( "fullName: %s (%zu)\n", fullName, strlen( fullName ) );
trc( "masterPassword: %s\n", masterPassword ); trc( "masterPassword: %s\n", masterPassword );
trc( "key scope: %s\n", mpKeyScope ); trc( "key scope: %s\n", mpKeyScope );
@ -62,15 +61,15 @@ static MPMasterKey mpw_masterKeyForUser_v3(const char *fullName, const char *mas
return masterKey; return masterKey;
} }
static const char *mpw_passwordForSite_v3(MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter, static MPSiteKey mpw_siteKey_v3(
MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter,
const MPSiteVariant siteVariant, const char *siteContext) { const MPSiteVariant siteVariant, const char *siteContext) {
const char *siteScope = mpw_scopeForVariant( siteVariant ); const char *siteScope = mpw_scopeForVariant( siteVariant );
trc( "algorithm: v%d\n", 3 ); trc( "-- mpw_siteKey_v3\n" );
trc( "siteName: %s\n", siteName ); trc( "siteName: %s\n", siteName );
trc( "siteCounter: %d\n", siteCounter ); trc( "siteCounter: %d\n", siteCounter );
trc( "siteVariant: %d\n", siteVariant ); trc( "siteVariant: %d\n", siteVariant );
trc( "siteType: %d\n", siteType );
trc( "site scope: %s, context: %s\n", siteScope, siteContext? "<empty>": siteContext ); trc( "site scope: %s, context: %s\n", siteScope, siteContext? "<empty>": siteContext );
trc( "seed from: hmac-sha256(masterKey, %s | %s | %s | %s | %s | %s)\n", trc( "seed from: hmac-sha256(masterKey, %s | %s | %s | %s | %s | %s)\n",
siteScope, mpw_hex_l( htonl( strlen( siteName ) ) ), siteName, siteScope, mpw_hex_l( htonl( strlen( siteName ) ) ), siteName,
@ -78,7 +77,7 @@ static const char *mpw_passwordForSite_v3(MPMasterKey masterKey, const char *sit
mpw_hex_l( htonl( siteContext? strlen( siteContext ): 0 ) ), siteContext? "(null)": siteContext ); mpw_hex_l( htonl( siteContext? strlen( siteContext ): 0 ) ), siteContext? "(null)": siteContext );
// Calculate the site seed. // Calculate the site seed.
// sitePasswordSeed = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext ) // siteKey = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext )
size_t sitePasswordInfoSize = 0; size_t sitePasswordInfoSize = 0;
uint8_t *sitePasswordInfo = NULL; uint8_t *sitePasswordInfo = NULL;
mpw_push_string( &sitePasswordInfo, &sitePasswordInfoSize, siteScope ); mpw_push_string( &sitePasswordInfo, &sitePasswordInfoSize, siteScope );
@ -95,31 +94,39 @@ static const char *mpw_passwordForSite_v3(MPMasterKey masterKey, const char *sit
} }
trc( "sitePasswordInfo ID: %s\n", mpw_id_buf( sitePasswordInfo, sitePasswordInfoSize ) ); trc( "sitePasswordInfo ID: %s\n", mpw_id_buf( sitePasswordInfo, sitePasswordInfoSize ) );
const uint8_t *sitePasswordSeed = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize ); MPSiteKey siteKey = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize );
mpw_free( sitePasswordInfo, sitePasswordInfoSize ); mpw_free( sitePasswordInfo, sitePasswordInfoSize );
if (!sitePasswordSeed) { if (!siteKey) {
ftl( "Could not allocate site seed: %d\n", errno ); ftl( "Could not allocate site seed: %d\n", errno );
return NULL; return NULL;
} }
trc( "sitePasswordSeed ID: %s\n", mpw_id_buf( sitePasswordSeed, 32 ) ); trc( "siteKey ID: %s\n", mpw_id_buf( siteKey, 32 ) );
return siteKey;
}
static const char *mpw_sitePassword_v3(
MPSiteKey siteKey, const MPSiteType siteType) {
trc( "-- mpw_sitePassword_v3\n" );
trc( "siteType: %d\n", siteType );
// Determine the template. // Determine the template.
const char *template = mpw_templateForType( siteType, sitePasswordSeed[0] ); const char *template = mpw_templateForType( siteType, siteKey[0] );
trc( "type %d, template: %s\n", siteType, template ); trc( "type %d, template: %s\n", siteType, template );
if (strlen( template ) > 32) { if (strlen( template ) > 32) {
ftl( "Template too long for password seed: %lu", strlen( template ) ); ftl( "Template too long for password seed: %lu", strlen( template ) );
mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) ); mpw_free( siteKey, sizeof( siteKey ) );
return NULL; return NULL;
} }
// Encode the password from the seed using the template. // Encode the password from the seed using the template.
char *const sitePassword = calloc( strlen( template ) + 1, sizeof( char ) ); char *const sitePassword = calloc( strlen( template ) + 1, sizeof( char ) );
for (size_t c = 0; c < strlen( template ); ++c) { for (size_t c = 0; c < strlen( template ); ++c) {
sitePassword[c] = mpw_characterFromClass( template[c], sitePasswordSeed[c + 1] ); sitePassword[c] = mpw_characterFromClass( template[c], siteKey[c + 1] );
trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], sitePasswordSeed[c + 1], sitePasswordSeed[c + 1], trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], siteKey[c + 1], siteKey[c + 1],
sitePassword[c] ); sitePassword[c] );
} }
mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) );
return sitePassword; return sitePassword;
} }

View File

@ -102,7 +102,7 @@ bool mpw_update_masterKey(MPMasterKey *masterKey, MPAlgorithmVersion *masterKeyA
if (*masterKeyAlgorithm != targetKeyAlgorithm) { if (*masterKeyAlgorithm != targetKeyAlgorithm) {
mpw_free( *masterKey, MPMasterKeySize ); mpw_free( *masterKey, MPMasterKeySize );
*masterKeyAlgorithm = targetKeyAlgorithm; *masterKeyAlgorithm = targetKeyAlgorithm;
*masterKey = mpw_masterKeyForUser( *masterKey = mpw_masterKey(
fullName, masterPassword, *masterKeyAlgorithm ); fullName, masterPassword, *masterKeyAlgorithm );
if (!*masterKey) { if (!*masterKey) {
err( "Couldn't derive master key for user %s, algorithm %d.\n", fullName, *masterKeyAlgorithm ); err( "Couldn't derive master key for user %s, algorithm %d.\n", fullName, *masterKeyAlgorithm );

View File

@ -170,8 +170,11 @@ static bool mpw_marshall_write_flat(
return false; return false;
} }
if (site.type & MPSiteTypeClassGenerated) if (site.type & MPSiteTypeClassGenerated) {
content = mpw_passwordForSite( masterKey, site.name, site.type, site.counter, MPSiteVariantPassword, NULL, site.algorithm ); MPSiteKey siteKey = mpw_siteKey( masterKey, site.name, site.counter, MPSiteVariantPassword, NULL, site.algorithm );
content = mpw_sitePassword( siteKey, site.type, site.algorithm );
mpw_free( siteKey, MPSiteKeySize );
}
else if (content) { else if (content) {
// TODO: Decrypt Personal Passwords // TODO: Decrypt Personal Passwords
//content = aes128_cbc( masterKey, content ); //content = aes128_cbc( masterKey, content );
@ -250,8 +253,11 @@ static bool mpw_marshall_write_json(
return false; return false;
} }
if (site.type & MPSiteTypeClassGenerated) if (site.type & MPSiteTypeClassGenerated) {
content = mpw_passwordForSite( masterKey, site.name, site.type, site.counter, MPSiteVariantPassword, NULL, site.algorithm ); MPSiteKey siteKey = mpw_siteKey( masterKey, site.name, site.counter, MPSiteVariantPassword, NULL, site.algorithm );
content = mpw_sitePassword( siteKey, site.type, site.algorithm );
mpw_free( siteKey, MPSiteKeySize );
}
else if (content) { else if (content) {
// TODO: Decrypt Personal Passwords // TODO: Decrypt Personal Passwords
//content = aes128_cbc( masterKey, content ); //content = aes128_cbc( masterKey, content );
@ -284,8 +290,9 @@ static bool mpw_marshall_write_json(
json_object_object_add( json_site_questions, question.keyword, json_site_question ); json_object_object_add( json_site_questions, question.keyword, json_site_question );
if (!user->redacted) { if (!user->redacted) {
const char *answer = mpw_passwordForSite( masterKey, site.name, MPSiteTypeGeneratedPhrase, 1, MPSiteKey siteKey = mpw_siteKey( masterKey, site.name, 1, MPSiteVariantAnswer, question.keyword, site.algorithm );
MPSiteVariantAnswer, question.keyword, site.algorithm ); const char *answer = mpw_sitePassword( siteKey, MPSiteTypeGeneratedPhrase, site.algorithm );
mpw_free( siteKey, MPSiteKeySize );
if (answer) if (answer)
json_object_object_add( json_site_question, "answer", json_object_new_string( answer ) ); json_object_object_add( json_site_question, "answer", json_object_new_string( answer ) );
} }

View File

@ -33,7 +33,9 @@
#define MPMasterKeySize 64 #define MPMasterKeySize 64
typedef const uint8_t *MPMasterKey; typedef const uint8_t *MPMasterKey;
typedef const char *MPMasterKeyID; #define MPSiteKeySize 256 / 8 // Bytes in HMAC-SHA-256
typedef const uint8_t *MPSiteKey;
typedef const char *MPKeyID;
typedef enum( unsigned int, MPSiteVariant ) { typedef enum( unsigned int, MPSiteVariant ) {
/** Generate a key for authentication. */ /** Generate a key for authentication. */

View File

@ -136,7 +136,10 @@ uint8_t const *mpw_hmac_sha256(const uint8_t *key, const size_t keySize, const u
return NULL; return NULL;
} }
const char *mpw_id_buf(const void *buf, size_t length) { MPKeyID mpw_id_buf(const void *buf, size_t length) {
if (!buf)
return "<unset>";
#if HAS_CPERCIVA #if HAS_CPERCIVA
uint8_t hash[32]; uint8_t hash[32];

View File

@ -122,7 +122,7 @@ const char *mpw_hex(const void *buf, size_t length);
const char *mpw_hex_l(uint32_t number); const char *mpw_hex_l(uint32_t number);
/** Encode a fingerprint for a buffer. /** Encode a fingerprint for a buffer.
* @return A C-string in a reused buffer, do not free or store it. */ * @return A C-string in a reused buffer, do not free or store it. */
const char *mpw_id_buf(const void *buf, size_t length); MPKeyID mpw_id_buf(const void *buf, size_t length);
/** Compare two fingerprints for equality. /** Compare two fingerprints for equality.
* @return true if the buffers represent identical fingerprints. */ * @return true if the buffers represent identical fingerprints. */
bool mpw_id_buf_equals(const char *id1, const char *id2); bool mpw_id_buf_equals(const char *id1, const char *id2);

View File

@ -128,7 +128,7 @@ static NSOperationQueue *_mpwQueue = nil;
__block NSData *keyData; __block NSData *keyData;
[self mpw_perform:^{ [self mpw_perform:^{
NSDate *start = [NSDate date]; NSDate *start = [NSDate date];
MPMasterKey masterKey = mpw_masterKeyForUser( fullName.UTF8String, masterPassword.UTF8String, [self version] ); MPMasterKey masterKey = mpw_masterKey( fullName.UTF8String, masterPassword.UTF8String, [self version] );
if (masterKey) { if (masterKey) {
keyData = [NSData dataWithBytes:masterKey length:MPMasterKeySize]; keyData = [NSData dataWithBytes:masterKey length:MPMasterKeySize];
trc( @"User: %@, password: %@ derives to key ID: %@ (took %0.2fs)", // trc( @"User: %@, password: %@ derives to key ID: %@ (took %0.2fs)", //

View File

@ -64,7 +64,7 @@ int main(int argc, char *const argv[]) {
// Similar to phase-two of mpw // Similar to phase-two of mpw
uint8_t *sitePasswordInfo = malloc( 128 ); uint8_t *sitePasswordInfo = malloc( 128 );
iterations = 3000000; iterations = 3000000;
masterKey = mpw_masterKeyForUser( fullName, masterPassword, MPAlgorithmVersionCurrent ); masterKey = mpw_masterKey( fullName, masterPassword, MPAlgorithmVersionCurrent );
if (!masterKey) if (!masterKey)
ftl( "Could not allocate master key: %d\n", errno ); ftl( "Could not allocate master key: %d\n", errno );
mpw_getTime( &startTime ); mpw_getTime( &startTime );
@ -95,7 +95,7 @@ int main(int argc, char *const argv[]) {
iterations = 50; iterations = 50;
mpw_getTime( &startTime ); mpw_getTime( &startTime );
for (int i = 1; i <= iterations; ++i) { for (int i = 1; i <= iterations; ++i) {
free( (void *)mpw_masterKeyForUser( fullName, masterPassword, MPAlgorithmVersionCurrent ) ); free( (void *)mpw_masterKey( fullName, masterPassword, MPAlgorithmVersionCurrent ) );
if (modff(100.f * i / iterations, &percent) == 0) if (modff(100.f * i / iterations, &percent) == 0)
fprintf( stderr, "\rscrypt_mpw: iteration %d / %d (%.0f%%)..", i, iterations, percent ); fprintf( stderr, "\rscrypt_mpw: iteration %d / %d (%.0f%%)..", i, iterations, percent );
@ -107,13 +107,16 @@ int main(int argc, char *const argv[]) {
iterations = 50; iterations = 50;
mpw_getTime( &startTime ); mpw_getTime( &startTime );
for (int i = 1; i <= iterations; ++i) { for (int i = 1; i <= iterations; ++i) {
masterKey = mpw_masterKeyForUser( fullName, masterPassword, MPAlgorithmVersionCurrent ); masterKey = mpw_masterKey( fullName, masterPassword, MPAlgorithmVersionCurrent );
if (!masterKey) if (!masterKey)
ftl( "Could not allocate master key: %d\n", errno ); ftl( "Could not allocate master key: %d\n", errno );
free( (void *)mpw_passwordForSite( MPSiteKey siteKey = mpw_siteKey(
masterKey, siteName, siteType, siteCounter, siteVariant, siteContext, MPAlgorithmVersionCurrent ) ); masterKey, siteName, siteCounter, siteVariant, siteContext, MPAlgorithmVersionCurrent );
free( (void *)mpw_sitePassword(
siteKey, siteType, MPAlgorithmVersionCurrent ) );
free( (void *)masterKey ); free( (void *)masterKey );
free( (void *)siteKey );
if (modff(100.f * i / iterations, &percent) == 0) if (modff(100.f * i / iterations, &percent) == 0)
fprintf( stderr, "\rmpw: iteration %d / %d (%.0f%%)..", i, iterations, percent ); fprintf( stderr, "\rmpw: iteration %d / %d (%.0f%%)..", i, iterations, percent );

View File

@ -311,16 +311,17 @@ int main(int argc, char *const argv[]) {
mpw_free_string( identicon ); mpw_free_string( identicon );
// Output the password. // Output the password.
MPMasterKey masterKey = mpw_masterKeyForUser( MPMasterKey masterKey = mpw_masterKey(
fullName, masterPassword, algorithmVersion ); fullName, masterPassword, algorithmVersion );
mpw_free_string( masterPassword ); mpw_free_string( masterPassword );
mpw_free_string( fullName ); mpw_free_string( fullName );
if (!masterKey) if (!masterKey)
ftl( "Couldn't derive master key." ); ftl( "Couldn't derive master key." );
const char *sitePassword = mpw_passwordForSite( MPSiteKey siteKey = mpw_siteKey( masterKey, siteName, siteCounter, siteVariant, siteContextArg, algorithmVersion );
masterKey, siteName, siteType, siteCounter, siteVariant, siteContextArg, algorithmVersion ); const char *sitePassword = mpw_sitePassword(siteKey, siteType, algorithmVersion );
mpw_free( masterKey, MPMasterKeySize ); mpw_free( masterKey, MPMasterKeySize );
mpw_free( siteKey, MPSiteKeySize );
mpw_free_string( siteName ); mpw_free_string( siteName );
if (!sitePassword) if (!sitePassword)
ftl( "Couldn't derive site password." ); ftl( "Couldn't derive site password." );

View File

@ -24,7 +24,7 @@ int main(int argc, char *const argv[]) {
// Read in the test case. // Read in the test case.
xmlChar *id = mpw_xmlTestCaseString( testCase, "id" ); xmlChar *id = mpw_xmlTestCaseString( testCase, "id" );
uint32_t algorithm = mpw_xmlTestCaseInteger( testCase, "algorithm" ); MPAlgorithmVersion algorithm = (MPAlgorithmVersion)mpw_xmlTestCaseInteger( testCase, "algorithm" );
xmlChar *fullName = mpw_xmlTestCaseString( testCase, "fullName" ); xmlChar *fullName = mpw_xmlTestCaseString( testCase, "fullName" );
xmlChar *masterPassword = mpw_xmlTestCaseString( testCase, "masterPassword" ); xmlChar *masterPassword = mpw_xmlTestCaseString( testCase, "masterPassword" );
xmlChar *keyID = mpw_xmlTestCaseString( testCase, "keyID" ); xmlChar *keyID = mpw_xmlTestCaseString( testCase, "keyID" );
@ -46,15 +46,18 @@ int main(int argc, char *const argv[]) {
} }
// 1. calculate the master key. // 1. calculate the master key.
MPMasterKey masterKey = mpw_masterKeyForUser( MPMasterKey masterKey = mpw_masterKey(
(char *)fullName, (char *)masterPassword, algorithm ); (char *)fullName, (char *)masterPassword, algorithm );
if (!masterKey) if (!masterKey)
ftl( "Couldn't derive master key." ); ftl( "Couldn't derive master key." );
// 2. calculate the site password. // 2. calculate the site password.
const char *sitePassword = mpw_passwordForSite( MPSiteKey siteKey = mpw_siteKey(
masterKey, (char *)siteName, siteType, siteCounter, siteVariant, (char *)siteContext, algorithm ); masterKey, (char *)siteName, siteCounter, siteVariant, (char *)siteContext, algorithm );
const char *sitePassword = mpw_sitePassword(
siteKey, siteType, algorithm );
mpw_free( masterKey, MPMasterKeySize ); mpw_free( masterKey, MPMasterKeySize );
mpw_free( siteKey, MPSiteKeySize );
if (!sitePassword) if (!sitePassword)
ftl( "Couldn't derive site password." ); ftl( "Couldn't derive site password." );