Split the API into the three distinct phases of the mpw algorithm.
This commit is contained in:
parent
13107063df
commit
3c5cb1673a
@ -22,12 +22,7 @@
|
||||
#include "mpw-algorithm_v2.c"
|
||||
#include "mpw-algorithm_v3.c"
|
||||
|
||||
#define MP_N 32768
|
||||
#define MP_r 8
|
||||
#define MP_p 2
|
||||
#define MP_hash PearlHashSHA256
|
||||
|
||||
MPMasterKey mpw_masterKeyForUser(const char *fullName, const char *masterPassword, const MPAlgorithmVersion algorithmVersion) {
|
||||
MPMasterKey mpw_masterKey(const char *fullName, const char *masterPassword, const MPAlgorithmVersion algorithmVersion) {
|
||||
|
||||
if (!fullName || !masterPassword)
|
||||
return NULL;
|
||||
@ -47,7 +42,8 @@ MPMasterKey mpw_masterKeyForUser(const char *fullName, const char *masterPasswor
|
||||
}
|
||||
}
|
||||
|
||||
const char *mpw_passwordForSite(MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter,
|
||||
MPSiteKey mpw_siteKey(
|
||||
MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter,
|
||||
const MPSiteVariant siteVariant, const char *siteContext, const MPAlgorithmVersion algorithmVersion) {
|
||||
|
||||
if (!masterKey || !siteName)
|
||||
@ -55,13 +51,34 @@ const char *mpw_passwordForSite(MPMasterKey masterKey, const char *siteName, con
|
||||
|
||||
switch (algorithmVersion) {
|
||||
case MPAlgorithmVersion0:
|
||||
return mpw_passwordForSite_v0( masterKey, siteName, siteType, siteCounter, siteVariant, siteContext );
|
||||
return mpw_siteKey_v0( masterKey, siteName, siteCounter, siteVariant, siteContext );
|
||||
case MPAlgorithmVersion1:
|
||||
return mpw_passwordForSite_v1( masterKey, siteName, siteType, siteCounter, siteVariant, siteContext );
|
||||
return mpw_siteKey_v1( masterKey, siteName, siteCounter, siteVariant, siteContext );
|
||||
case MPAlgorithmVersion2:
|
||||
return mpw_passwordForSite_v2( masterKey, siteName, siteType, siteCounter, siteVariant, siteContext );
|
||||
return mpw_siteKey_v2( masterKey, siteName, siteCounter, siteVariant, siteContext );
|
||||
case MPAlgorithmVersion3:
|
||||
return mpw_passwordForSite_v3( masterKey, siteName, siteType, siteCounter, siteVariant, siteContext );
|
||||
return mpw_siteKey_v3( masterKey, siteName, siteCounter, siteVariant, siteContext );
|
||||
default:
|
||||
ftl( "Unsupported version: %d", algorithmVersion );
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
const char *mpw_sitePassword(
|
||||
MPSiteKey siteKey, const MPSiteType siteType, const MPAlgorithmVersion algorithmVersion) {
|
||||
|
||||
if (!siteKey)
|
||||
return NULL;
|
||||
|
||||
switch (algorithmVersion) {
|
||||
case MPAlgorithmVersion0:
|
||||
return mpw_sitePassword_v0( siteKey, siteType );
|
||||
case MPAlgorithmVersion1:
|
||||
return mpw_sitePassword_v1( siteKey, siteType );
|
||||
case MPAlgorithmVersion2:
|
||||
return mpw_sitePassword_v2( siteKey, siteType );
|
||||
case MPAlgorithmVersion3:
|
||||
return mpw_sitePassword_v3( siteKey, siteType );
|
||||
default:
|
||||
ftl( "Unsupported version: %d", algorithmVersion );
|
||||
return NULL;
|
||||
|
@ -38,14 +38,19 @@ typedef enum( unsigned int, MPAlgorithmVersion ) {
|
||||
};
|
||||
|
||||
/** Derive the master key for a user based on their name and master password.
|
||||
* @return A new MP_dkLen-byte allocated buffer or NULL if an allocation error occurred. */
|
||||
MPMasterKey mpw_masterKeyForUser(
|
||||
* @return A new MPMasterKeySize-byte allocated buffer or NULL if an error occurred. */
|
||||
MPMasterKey mpw_masterKey(
|
||||
const char *fullName, const char *masterPassword, const MPAlgorithmVersion algorithmVersion);
|
||||
|
||||
/** Encode a password for the site from the given master key and site parameters.
|
||||
* @return A newly allocated string or NULL if an allocation error occurred. */
|
||||
const char *mpw_passwordForSite(
|
||||
MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter,
|
||||
/** Derive the site key for a user's site from the given master key and site parameters.
|
||||
* @return A new MPSiteKeySize-byte allocated buffer or NULL if an error occurred. */
|
||||
MPSiteKey mpw_siteKey(
|
||||
MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter,
|
||||
const MPSiteVariant siteVariant, const char *siteContext, const MPAlgorithmVersion algorithmVersion);
|
||||
|
||||
/** Encode a password for the site from the given site key.
|
||||
* @return A newly allocated string or NULL if an error occurred. */
|
||||
const char *mpw_sitePassword(
|
||||
MPSiteKey siteKey, const MPSiteType siteType, const MPAlgorithmVersion algorithmVersion);
|
||||
|
||||
#endif // _MPW_ALGORITHM_H
|
||||
|
@ -77,15 +77,15 @@ static MPMasterKey mpw_masterKeyForUser_v0(const char *fullName, const char *mas
|
||||
return masterKey;
|
||||
}
|
||||
|
||||
static const char *mpw_passwordForSite_v0(MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter,
|
||||
static MPSiteKey mpw_siteKey_v0(
|
||||
MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter,
|
||||
const MPSiteVariant siteVariant, const char *siteContext) {
|
||||
|
||||
const char *siteScope = mpw_scopeForVariant( siteVariant );
|
||||
trc( "algorithm: v%d\n", 0 );
|
||||
trc( "-- mpw_siteKey_v0\n" );
|
||||
trc( "siteName: %s\n", siteName );
|
||||
trc( "siteCounter: %d\n", siteCounter );
|
||||
trc( "siteVariant: %d\n", siteVariant );
|
||||
trc( "siteType: %d\n", siteType );
|
||||
trc( "site scope: %s, context: %s\n", siteScope, siteContext? "<empty>": siteContext );
|
||||
trc( "seed from: hmac-sha256(masterKey, %s | %s | %s | %s | %s | %s)\n",
|
||||
siteScope, mpw_hex_l( htonl( strlen( siteName ) ) ), siteName,
|
||||
@ -93,7 +93,7 @@ static const char *mpw_passwordForSite_v0(MPMasterKey masterKey, const char *sit
|
||||
mpw_hex_l( htonl( siteContext? strlen( siteContext ): 0 ) ), siteContext? "(null)": siteContext );
|
||||
|
||||
// Calculate the site seed.
|
||||
// sitePasswordSeed = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext )
|
||||
// siteKey = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext )
|
||||
size_t sitePasswordInfoSize = 0;
|
||||
uint8_t *sitePasswordInfo = NULL;
|
||||
mpw_push_string( &sitePasswordInfo, &sitePasswordInfoSize, siteScope );
|
||||
@ -110,31 +110,40 @@ static const char *mpw_passwordForSite_v0(MPMasterKey masterKey, const char *sit
|
||||
}
|
||||
trc( "sitePasswordInfo ID: %s\n", mpw_id_buf( sitePasswordInfo, sitePasswordInfoSize ) );
|
||||
|
||||
const char *sitePasswordSeed = (const char *)mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize );
|
||||
MPSiteKey siteKey = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize );
|
||||
mpw_free( sitePasswordInfo, sitePasswordInfoSize );
|
||||
if (!sitePasswordSeed) {
|
||||
if (!siteKey) {
|
||||
ftl( "Could not allocate site seed: %d\n", errno );
|
||||
return NULL;
|
||||
}
|
||||
trc( "sitePasswordSeed ID: %s\n", mpw_id_buf( sitePasswordSeed, 32 ) );
|
||||
trc( "siteKey ID: %s\n", mpw_id_buf( siteKey, 32 ) );
|
||||
|
||||
return siteKey;
|
||||
}
|
||||
|
||||
static const char *mpw_sitePassword_v0(
|
||||
MPSiteKey siteKey, const MPSiteType siteType) {
|
||||
|
||||
trc( "-- mpw_sitePassword_v0\n" );
|
||||
trc( "siteType: %d\n", siteType );
|
||||
|
||||
// Determine the template.
|
||||
const char *template = mpw_templateForType_v0( siteType, htons( sitePasswordSeed[0] ) );
|
||||
const char *_siteKey = (const char *)siteKey;
|
||||
const char *template = mpw_templateForType_v0( siteType, htons( _siteKey[0] ) );
|
||||
trc( "type %d, template: %s\n", siteType, template );
|
||||
if (strlen( template ) > 32) {
|
||||
ftl( "Template too long for password seed: %lu", strlen( template ) );
|
||||
mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) );
|
||||
mpw_free( _siteKey, sizeof( _siteKey ) );
|
||||
return NULL;
|
||||
}
|
||||
|
||||
// Encode the password from the seed using the template.
|
||||
char *const sitePassword = calloc( strlen( template ) + 1, sizeof( char ) );
|
||||
for (size_t c = 0; c < strlen( template ); ++c) {
|
||||
sitePassword[c] = mpw_characterFromClass_v0( template[c], htons( sitePasswordSeed[c + 1] ) );
|
||||
sitePassword[c] = mpw_characterFromClass_v0( template[c], htons( _siteKey[c + 1] ) );
|
||||
trc( "class %c, index %u (0x%02X) -> character: %c\n",
|
||||
template[c], htons( sitePasswordSeed[c + 1] ), htons( sitePasswordSeed[c + 1] ), sitePassword[c] );
|
||||
template[c], htons( _siteKey[c + 1] ), htons( _siteKey[c + 1] ), sitePassword[c] );
|
||||
}
|
||||
mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) );
|
||||
|
||||
return sitePassword;
|
||||
}
|
||||
|
@ -26,7 +26,6 @@
|
||||
#define MP_N 32768
|
||||
#define MP_r 8
|
||||
#define MP_p 2
|
||||
#define MP_hash PearlHashSHA256
|
||||
|
||||
static MPMasterKey mpw_masterKeyForUser_v1(const char *fullName, const char *masterPassword) {
|
||||
|
||||
@ -62,15 +61,15 @@ static MPMasterKey mpw_masterKeyForUser_v1(const char *fullName, const char *mas
|
||||
return masterKey;
|
||||
}
|
||||
|
||||
static const char *mpw_passwordForSite_v1(MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter,
|
||||
static MPSiteKey mpw_siteKey_v1(
|
||||
MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter,
|
||||
const MPSiteVariant siteVariant, const char *siteContext) {
|
||||
|
||||
const char *siteScope = mpw_scopeForVariant( siteVariant );
|
||||
trc( "algorithm: v%d\n", 1 );
|
||||
trc( "-- mpw_siteKey_v1\n" );
|
||||
trc( "siteName: %s\n", siteName );
|
||||
trc( "siteCounter: %d\n", siteCounter );
|
||||
trc( "siteVariant: %d\n", siteVariant );
|
||||
trc( "siteType: %d\n", siteType );
|
||||
trc( "site scope: %s, context: %s\n", siteScope, siteContext? "<empty>": siteContext );
|
||||
trc( "seed from: hmac-sha256(masterKey, %s | %s | %s | %s | %s | %s)\n",
|
||||
siteScope, mpw_hex_l( htonl( strlen( siteName ) ) ), siteName,
|
||||
@ -78,7 +77,7 @@ static const char *mpw_passwordForSite_v1(MPMasterKey masterKey, const char *sit
|
||||
mpw_hex_l( htonl( siteContext? strlen( siteContext ): 0 ) ), siteContext? "(null)": siteContext );
|
||||
|
||||
// Calculate the site seed.
|
||||
// sitePasswordSeed = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext )
|
||||
// siteKey = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext )
|
||||
size_t sitePasswordInfoSize = 0;
|
||||
uint8_t *sitePasswordInfo = NULL;
|
||||
mpw_push_string( &sitePasswordInfo, &sitePasswordInfoSize, siteScope );
|
||||
@ -95,31 +94,39 @@ static const char *mpw_passwordForSite_v1(MPMasterKey masterKey, const char *sit
|
||||
}
|
||||
trc( "sitePasswordInfo ID: %s\n", mpw_id_buf( sitePasswordInfo, sitePasswordInfoSize ) );
|
||||
|
||||
const uint8_t *sitePasswordSeed = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize );
|
||||
MPSiteKey siteKey = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize );
|
||||
mpw_free( sitePasswordInfo, sitePasswordInfoSize );
|
||||
if (!sitePasswordSeed) {
|
||||
if (!siteKey) {
|
||||
ftl( "Could not allocate site seed: %d\n", errno );
|
||||
return NULL;
|
||||
}
|
||||
trc( "sitePasswordSeed ID: %s\n", mpw_id_buf( sitePasswordSeed, 32 ) );
|
||||
trc( "siteKey ID: %s\n", mpw_id_buf( siteKey, 32 ) );
|
||||
|
||||
return siteKey;
|
||||
}
|
||||
|
||||
static const char *mpw_sitePassword_v1(
|
||||
MPSiteKey siteKey, const MPSiteType siteType) {
|
||||
|
||||
trc( "-- mpw_sitePassword_v1\n" );
|
||||
trc( "siteType: %d\n", siteType );
|
||||
|
||||
// Determine the template.
|
||||
const char *template = mpw_templateForType( siteType, sitePasswordSeed[0] );
|
||||
const char *template = mpw_templateForType( siteType, siteKey[0] );
|
||||
trc( "type %d, template: %s\n", siteType, template );
|
||||
if (strlen( template ) > 32) {
|
||||
ftl( "Template too long for password seed: %lu", strlen( template ) );
|
||||
mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) );
|
||||
mpw_free( siteKey, sizeof( siteKey ) );
|
||||
return NULL;
|
||||
}
|
||||
|
||||
// Encode the password from the seed using the template.
|
||||
char *const sitePassword = calloc( strlen( template ) + 1, sizeof( char ) );
|
||||
for (size_t c = 0; c < strlen( template ); ++c) {
|
||||
sitePassword[c] = mpw_characterFromClass( template[c], sitePasswordSeed[c + 1] );
|
||||
trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], sitePasswordSeed[c + 1], sitePasswordSeed[c + 1],
|
||||
sitePassword[c] = mpw_characterFromClass( template[c], siteKey[c + 1] );
|
||||
trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], siteKey[c + 1], siteKey[c + 1],
|
||||
sitePassword[c] );
|
||||
}
|
||||
mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) );
|
||||
|
||||
return sitePassword;
|
||||
}
|
||||
|
@ -26,7 +26,6 @@
|
||||
#define MP_N 32768
|
||||
#define MP_r 8
|
||||
#define MP_p 2
|
||||
#define MP_hash PearlHashSHA256
|
||||
|
||||
static MPMasterKey mpw_masterKeyForUser_v2(const char *fullName, const char *masterPassword) {
|
||||
|
||||
@ -62,15 +61,15 @@ static MPMasterKey mpw_masterKeyForUser_v2(const char *fullName, const char *mas
|
||||
return masterKey;
|
||||
}
|
||||
|
||||
static const char *mpw_passwordForSite_v2(MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter,
|
||||
static MPSiteKey mpw_siteKey_v2(
|
||||
MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter,
|
||||
const MPSiteVariant siteVariant, const char *siteContext) {
|
||||
|
||||
const char *siteScope = mpw_scopeForVariant( siteVariant );
|
||||
trc( "algorithm: v%d\n", 2 );
|
||||
trc( "-- mpw_siteKey_v2\n" );
|
||||
trc( "siteName: %s\n", siteName );
|
||||
trc( "siteCounter: %d\n", siteCounter );
|
||||
trc( "siteVariant: %d\n", siteVariant );
|
||||
trc( "siteType: %d\n", siteType );
|
||||
trc( "site scope: %s, context: %s\n", siteScope, siteContext? "<empty>": siteContext );
|
||||
trc( "seed from: hmac-sha256(masterKey, %s | %s | %s | %s | %s | %s)\n",
|
||||
siteScope, mpw_hex_l( htonl( strlen( siteName ) ) ), siteName,
|
||||
@ -78,7 +77,7 @@ static const char *mpw_passwordForSite_v2(MPMasterKey masterKey, const char *sit
|
||||
mpw_hex_l( htonl( siteContext? strlen( siteContext ): 0 ) ), siteContext? "(null)": siteContext );
|
||||
|
||||
// Calculate the site seed.
|
||||
// sitePasswordSeed = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext )
|
||||
// siteKey = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext )
|
||||
size_t sitePasswordInfoSize = 0;
|
||||
uint8_t *sitePasswordInfo = NULL;
|
||||
mpw_push_string( &sitePasswordInfo, &sitePasswordInfoSize, siteScope );
|
||||
@ -95,31 +94,39 @@ static const char *mpw_passwordForSite_v2(MPMasterKey masterKey, const char *sit
|
||||
}
|
||||
trc( "sitePasswordInfo ID: %s\n", mpw_id_buf( sitePasswordInfo, sitePasswordInfoSize ) );
|
||||
|
||||
const uint8_t *sitePasswordSeed = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize );
|
||||
const uint8_t *siteKey = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize );
|
||||
mpw_free( sitePasswordInfo, sitePasswordInfoSize );
|
||||
if (!sitePasswordSeed) {
|
||||
if (!siteKey) {
|
||||
ftl( "Could not allocate site seed: %d\n", errno );
|
||||
return NULL;
|
||||
}
|
||||
trc( "sitePasswordSeed ID: %s\n", mpw_id_buf( sitePasswordSeed, 32 ) );
|
||||
trc( "siteKey ID: %s\n", mpw_id_buf( siteKey, 32 ) );
|
||||
|
||||
return siteKey;
|
||||
}
|
||||
|
||||
static const char *mpw_sitePassword_v2(
|
||||
MPSiteKey siteKey, const MPSiteType siteType) {
|
||||
|
||||
trc( "-- mpw_sitePassword_v2\n" );
|
||||
trc( "siteType: %d\n", siteType );
|
||||
|
||||
// Determine the template.
|
||||
const char *template = mpw_templateForType( siteType, sitePasswordSeed[0] );
|
||||
const char *template = mpw_templateForType( siteType, siteKey[0] );
|
||||
trc( "type %d, template: %s\n", siteType, template );
|
||||
if (strlen( template ) > 32) {
|
||||
ftl( "Template too long for password seed: %lu", strlen( template ) );
|
||||
mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) );
|
||||
mpw_free( siteKey, sizeof( siteKey ) );
|
||||
return NULL;
|
||||
}
|
||||
|
||||
// Encode the password from the seed using the template.
|
||||
char *const sitePassword = calloc( strlen( template ) + 1, sizeof( char ) );
|
||||
for (size_t c = 0; c < strlen( template ); ++c) {
|
||||
sitePassword[c] = mpw_characterFromClass( template[c], sitePasswordSeed[c + 1] );
|
||||
trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], sitePasswordSeed[c + 1], sitePasswordSeed[c + 1],
|
||||
sitePassword[c] = mpw_characterFromClass( template[c], siteKey[c + 1] );
|
||||
trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], siteKey[c + 1], siteKey[c + 1],
|
||||
sitePassword[c] );
|
||||
}
|
||||
mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) );
|
||||
|
||||
return sitePassword;
|
||||
}
|
||||
|
@ -26,12 +26,11 @@
|
||||
#define MP_N 32768
|
||||
#define MP_r 8
|
||||
#define MP_p 2
|
||||
#define MP_hash PearlHashSHA256
|
||||
|
||||
static MPMasterKey mpw_masterKeyForUser_v3(const char *fullName, const char *masterPassword) {
|
||||
|
||||
const char *mpKeyScope = mpw_scopeForVariant( MPSiteVariantPassword );
|
||||
trc( "algorithm: v%d\n", 3 );
|
||||
trc( "-- mpw_masterKeyForUser_v3\n" );
|
||||
trc( "fullName: %s (%zu)\n", fullName, strlen( fullName ) );
|
||||
trc( "masterPassword: %s\n", masterPassword );
|
||||
trc( "key scope: %s\n", mpKeyScope );
|
||||
@ -62,15 +61,15 @@ static MPMasterKey mpw_masterKeyForUser_v3(const char *fullName, const char *mas
|
||||
return masterKey;
|
||||
}
|
||||
|
||||
static const char *mpw_passwordForSite_v3(MPMasterKey masterKey, const char *siteName, const MPSiteType siteType, const uint32_t siteCounter,
|
||||
static MPSiteKey mpw_siteKey_v3(
|
||||
MPMasterKey masterKey, const char *siteName, const uint32_t siteCounter,
|
||||
const MPSiteVariant siteVariant, const char *siteContext) {
|
||||
|
||||
const char *siteScope = mpw_scopeForVariant( siteVariant );
|
||||
trc( "algorithm: v%d\n", 3 );
|
||||
trc( "-- mpw_siteKey_v3\n" );
|
||||
trc( "siteName: %s\n", siteName );
|
||||
trc( "siteCounter: %d\n", siteCounter );
|
||||
trc( "siteVariant: %d\n", siteVariant );
|
||||
trc( "siteType: %d\n", siteType );
|
||||
trc( "site scope: %s, context: %s\n", siteScope, siteContext? "<empty>": siteContext );
|
||||
trc( "seed from: hmac-sha256(masterKey, %s | %s | %s | %s | %s | %s)\n",
|
||||
siteScope, mpw_hex_l( htonl( strlen( siteName ) ) ), siteName,
|
||||
@ -78,7 +77,7 @@ static const char *mpw_passwordForSite_v3(MPMasterKey masterKey, const char *sit
|
||||
mpw_hex_l( htonl( siteContext? strlen( siteContext ): 0 ) ), siteContext? "(null)": siteContext );
|
||||
|
||||
// Calculate the site seed.
|
||||
// sitePasswordSeed = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext )
|
||||
// siteKey = hmac-sha256( masterKey, siteScope . #siteName . siteName . siteCounter . #siteContext . siteContext )
|
||||
size_t sitePasswordInfoSize = 0;
|
||||
uint8_t *sitePasswordInfo = NULL;
|
||||
mpw_push_string( &sitePasswordInfo, &sitePasswordInfoSize, siteScope );
|
||||
@ -95,31 +94,39 @@ static const char *mpw_passwordForSite_v3(MPMasterKey masterKey, const char *sit
|
||||
}
|
||||
trc( "sitePasswordInfo ID: %s\n", mpw_id_buf( sitePasswordInfo, sitePasswordInfoSize ) );
|
||||
|
||||
const uint8_t *sitePasswordSeed = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize );
|
||||
MPSiteKey siteKey = mpw_hmac_sha256( masterKey, MPMasterKeySize, sitePasswordInfo, sitePasswordInfoSize );
|
||||
mpw_free( sitePasswordInfo, sitePasswordInfoSize );
|
||||
if (!sitePasswordSeed) {
|
||||
if (!siteKey) {
|
||||
ftl( "Could not allocate site seed: %d\n", errno );
|
||||
return NULL;
|
||||
}
|
||||
trc( "sitePasswordSeed ID: %s\n", mpw_id_buf( sitePasswordSeed, 32 ) );
|
||||
trc( "siteKey ID: %s\n", mpw_id_buf( siteKey, 32 ) );
|
||||
|
||||
return siteKey;
|
||||
}
|
||||
|
||||
static const char *mpw_sitePassword_v3(
|
||||
MPSiteKey siteKey, const MPSiteType siteType) {
|
||||
|
||||
trc( "-- mpw_sitePassword_v3\n" );
|
||||
trc( "siteType: %d\n", siteType );
|
||||
|
||||
// Determine the template.
|
||||
const char *template = mpw_templateForType( siteType, sitePasswordSeed[0] );
|
||||
const char *template = mpw_templateForType( siteType, siteKey[0] );
|
||||
trc( "type %d, template: %s\n", siteType, template );
|
||||
if (strlen( template ) > 32) {
|
||||
ftl( "Template too long for password seed: %lu", strlen( template ) );
|
||||
mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) );
|
||||
mpw_free( siteKey, sizeof( siteKey ) );
|
||||
return NULL;
|
||||
}
|
||||
|
||||
// Encode the password from the seed using the template.
|
||||
char *const sitePassword = calloc( strlen( template ) + 1, sizeof( char ) );
|
||||
for (size_t c = 0; c < strlen( template ); ++c) {
|
||||
sitePassword[c] = mpw_characterFromClass( template[c], sitePasswordSeed[c + 1] );
|
||||
trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], sitePasswordSeed[c + 1], sitePasswordSeed[c + 1],
|
||||
sitePassword[c] = mpw_characterFromClass( template[c], siteKey[c + 1] );
|
||||
trc( "class %c, index %u (0x%02X) -> character: %c\n", template[c], siteKey[c + 1], siteKey[c + 1],
|
||||
sitePassword[c] );
|
||||
}
|
||||
mpw_free( sitePasswordSeed, sizeof( sitePasswordSeed ) );
|
||||
|
||||
return sitePassword;
|
||||
}
|
||||
|
@ -102,7 +102,7 @@ bool mpw_update_masterKey(MPMasterKey *masterKey, MPAlgorithmVersion *masterKeyA
|
||||
if (*masterKeyAlgorithm != targetKeyAlgorithm) {
|
||||
mpw_free( *masterKey, MPMasterKeySize );
|
||||
*masterKeyAlgorithm = targetKeyAlgorithm;
|
||||
*masterKey = mpw_masterKeyForUser(
|
||||
*masterKey = mpw_masterKey(
|
||||
fullName, masterPassword, *masterKeyAlgorithm );
|
||||
if (!*masterKey) {
|
||||
err( "Couldn't derive master key for user %s, algorithm %d.\n", fullName, *masterKeyAlgorithm );
|
||||
|
@ -170,8 +170,11 @@ static bool mpw_marshall_write_flat(
|
||||
return false;
|
||||
}
|
||||
|
||||
if (site.type & MPSiteTypeClassGenerated)
|
||||
content = mpw_passwordForSite( masterKey, site.name, site.type, site.counter, MPSiteVariantPassword, NULL, site.algorithm );
|
||||
if (site.type & MPSiteTypeClassGenerated) {
|
||||
MPSiteKey siteKey = mpw_siteKey( masterKey, site.name, site.counter, MPSiteVariantPassword, NULL, site.algorithm );
|
||||
content = mpw_sitePassword( siteKey, site.type, site.algorithm );
|
||||
mpw_free( siteKey, MPSiteKeySize );
|
||||
}
|
||||
else if (content) {
|
||||
// TODO: Decrypt Personal Passwords
|
||||
//content = aes128_cbc( masterKey, content );
|
||||
@ -250,8 +253,11 @@ static bool mpw_marshall_write_json(
|
||||
return false;
|
||||
}
|
||||
|
||||
if (site.type & MPSiteTypeClassGenerated)
|
||||
content = mpw_passwordForSite( masterKey, site.name, site.type, site.counter, MPSiteVariantPassword, NULL, site.algorithm );
|
||||
if (site.type & MPSiteTypeClassGenerated) {
|
||||
MPSiteKey siteKey = mpw_siteKey( masterKey, site.name, site.counter, MPSiteVariantPassword, NULL, site.algorithm );
|
||||
content = mpw_sitePassword( siteKey, site.type, site.algorithm );
|
||||
mpw_free( siteKey, MPSiteKeySize );
|
||||
}
|
||||
else if (content) {
|
||||
// TODO: Decrypt Personal Passwords
|
||||
//content = aes128_cbc( masterKey, content );
|
||||
@ -284,8 +290,9 @@ static bool mpw_marshall_write_json(
|
||||
json_object_object_add( json_site_questions, question.keyword, json_site_question );
|
||||
|
||||
if (!user->redacted) {
|
||||
const char *answer = mpw_passwordForSite( masterKey, site.name, MPSiteTypeGeneratedPhrase, 1,
|
||||
MPSiteVariantAnswer, question.keyword, site.algorithm );
|
||||
MPSiteKey siteKey = mpw_siteKey( masterKey, site.name, 1, MPSiteVariantAnswer, question.keyword, site.algorithm );
|
||||
const char *answer = mpw_sitePassword( siteKey, MPSiteTypeGeneratedPhrase, site.algorithm );
|
||||
mpw_free( siteKey, MPSiteKeySize );
|
||||
if (answer)
|
||||
json_object_object_add( json_site_question, "answer", json_object_new_string( answer ) );
|
||||
}
|
||||
|
@ -33,7 +33,9 @@
|
||||
|
||||
#define MPMasterKeySize 64
|
||||
typedef const uint8_t *MPMasterKey;
|
||||
typedef const char *MPMasterKeyID;
|
||||
#define MPSiteKeySize 256 / 8 // Bytes in HMAC-SHA-256
|
||||
typedef const uint8_t *MPSiteKey;
|
||||
typedef const char *MPKeyID;
|
||||
|
||||
typedef enum( unsigned int, MPSiteVariant ) {
|
||||
/** Generate a key for authentication. */
|
||||
|
@ -136,7 +136,10 @@ uint8_t const *mpw_hmac_sha256(const uint8_t *key, const size_t keySize, const u
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const char *mpw_id_buf(const void *buf, size_t length) {
|
||||
MPKeyID mpw_id_buf(const void *buf, size_t length) {
|
||||
|
||||
if (!buf)
|
||||
return "<unset>";
|
||||
|
||||
#if HAS_CPERCIVA
|
||||
uint8_t hash[32];
|
||||
|
@ -122,7 +122,7 @@ const char *mpw_hex(const void *buf, size_t length);
|
||||
const char *mpw_hex_l(uint32_t number);
|
||||
/** Encode a fingerprint for a buffer.
|
||||
* @return A C-string in a reused buffer, do not free or store it. */
|
||||
const char *mpw_id_buf(const void *buf, size_t length);
|
||||
MPKeyID mpw_id_buf(const void *buf, size_t length);
|
||||
/** Compare two fingerprints for equality.
|
||||
* @return true if the buffers represent identical fingerprints. */
|
||||
bool mpw_id_buf_equals(const char *id1, const char *id2);
|
||||
|
@ -128,7 +128,7 @@ static NSOperationQueue *_mpwQueue = nil;
|
||||
__block NSData *keyData;
|
||||
[self mpw_perform:^{
|
||||
NSDate *start = [NSDate date];
|
||||
MPMasterKey masterKey = mpw_masterKeyForUser( fullName.UTF8String, masterPassword.UTF8String, [self version] );
|
||||
MPMasterKey masterKey = mpw_masterKey( fullName.UTF8String, masterPassword.UTF8String, [self version] );
|
||||
if (masterKey) {
|
||||
keyData = [NSData dataWithBytes:masterKey length:MPMasterKeySize];
|
||||
trc( @"User: %@, password: %@ derives to key ID: %@ (took %0.2fs)", //
|
||||
|
@ -64,7 +64,7 @@ int main(int argc, char *const argv[]) {
|
||||
// Similar to phase-two of mpw
|
||||
uint8_t *sitePasswordInfo = malloc( 128 );
|
||||
iterations = 3000000;
|
||||
masterKey = mpw_masterKeyForUser( fullName, masterPassword, MPAlgorithmVersionCurrent );
|
||||
masterKey = mpw_masterKey( fullName, masterPassword, MPAlgorithmVersionCurrent );
|
||||
if (!masterKey)
|
||||
ftl( "Could not allocate master key: %d\n", errno );
|
||||
mpw_getTime( &startTime );
|
||||
@ -95,7 +95,7 @@ int main(int argc, char *const argv[]) {
|
||||
iterations = 50;
|
||||
mpw_getTime( &startTime );
|
||||
for (int i = 1; i <= iterations; ++i) {
|
||||
free( (void *)mpw_masterKeyForUser( fullName, masterPassword, MPAlgorithmVersionCurrent ) );
|
||||
free( (void *)mpw_masterKey( fullName, masterPassword, MPAlgorithmVersionCurrent ) );
|
||||
|
||||
if (modff(100.f * i / iterations, &percent) == 0)
|
||||
fprintf( stderr, "\rscrypt_mpw: iteration %d / %d (%.0f%%)..", i, iterations, percent );
|
||||
@ -107,13 +107,16 @@ int main(int argc, char *const argv[]) {
|
||||
iterations = 50;
|
||||
mpw_getTime( &startTime );
|
||||
for (int i = 1; i <= iterations; ++i) {
|
||||
masterKey = mpw_masterKeyForUser( fullName, masterPassword, MPAlgorithmVersionCurrent );
|
||||
masterKey = mpw_masterKey( fullName, masterPassword, MPAlgorithmVersionCurrent );
|
||||
if (!masterKey)
|
||||
ftl( "Could not allocate master key: %d\n", errno );
|
||||
|
||||
free( (void *)mpw_passwordForSite(
|
||||
masterKey, siteName, siteType, siteCounter, siteVariant, siteContext, MPAlgorithmVersionCurrent ) );
|
||||
MPSiteKey siteKey = mpw_siteKey(
|
||||
masterKey, siteName, siteCounter, siteVariant, siteContext, MPAlgorithmVersionCurrent );
|
||||
free( (void *)mpw_sitePassword(
|
||||
siteKey, siteType, MPAlgorithmVersionCurrent ) );
|
||||
free( (void *)masterKey );
|
||||
free( (void *)siteKey );
|
||||
|
||||
if (modff(100.f * i / iterations, &percent) == 0)
|
||||
fprintf( stderr, "\rmpw: iteration %d / %d (%.0f%%)..", i, iterations, percent );
|
||||
|
@ -311,16 +311,17 @@ int main(int argc, char *const argv[]) {
|
||||
mpw_free_string( identicon );
|
||||
|
||||
// Output the password.
|
||||
MPMasterKey masterKey = mpw_masterKeyForUser(
|
||||
MPMasterKey masterKey = mpw_masterKey(
|
||||
fullName, masterPassword, algorithmVersion );
|
||||
mpw_free_string( masterPassword );
|
||||
mpw_free_string( fullName );
|
||||
if (!masterKey)
|
||||
ftl( "Couldn't derive master key." );
|
||||
|
||||
const char *sitePassword = mpw_passwordForSite(
|
||||
masterKey, siteName, siteType, siteCounter, siteVariant, siteContextArg, algorithmVersion );
|
||||
MPSiteKey siteKey = mpw_siteKey( masterKey, siteName, siteCounter, siteVariant, siteContextArg, algorithmVersion );
|
||||
const char *sitePassword = mpw_sitePassword(siteKey, siteType, algorithmVersion );
|
||||
mpw_free( masterKey, MPMasterKeySize );
|
||||
mpw_free( siteKey, MPSiteKeySize );
|
||||
mpw_free_string( siteName );
|
||||
if (!sitePassword)
|
||||
ftl( "Couldn't derive site password." );
|
||||
|
@ -24,7 +24,7 @@ int main(int argc, char *const argv[]) {
|
||||
|
||||
// Read in the test case.
|
||||
xmlChar *id = mpw_xmlTestCaseString( testCase, "id" );
|
||||
uint32_t algorithm = mpw_xmlTestCaseInteger( testCase, "algorithm" );
|
||||
MPAlgorithmVersion algorithm = (MPAlgorithmVersion)mpw_xmlTestCaseInteger( testCase, "algorithm" );
|
||||
xmlChar *fullName = mpw_xmlTestCaseString( testCase, "fullName" );
|
||||
xmlChar *masterPassword = mpw_xmlTestCaseString( testCase, "masterPassword" );
|
||||
xmlChar *keyID = mpw_xmlTestCaseString( testCase, "keyID" );
|
||||
@ -46,15 +46,18 @@ int main(int argc, char *const argv[]) {
|
||||
}
|
||||
|
||||
// 1. calculate the master key.
|
||||
MPMasterKey masterKey = mpw_masterKeyForUser(
|
||||
MPMasterKey masterKey = mpw_masterKey(
|
||||
(char *)fullName, (char *)masterPassword, algorithm );
|
||||
if (!masterKey)
|
||||
ftl( "Couldn't derive master key." );
|
||||
|
||||
// 2. calculate the site password.
|
||||
const char *sitePassword = mpw_passwordForSite(
|
||||
masterKey, (char *)siteName, siteType, siteCounter, siteVariant, (char *)siteContext, algorithm );
|
||||
MPSiteKey siteKey = mpw_siteKey(
|
||||
masterKey, (char *)siteName, siteCounter, siteVariant, (char *)siteContext, algorithm );
|
||||
const char *sitePassword = mpw_sitePassword(
|
||||
siteKey, siteType, algorithm );
|
||||
mpw_free( masterKey, MPMasterKeySize );
|
||||
mpw_free( siteKey, MPSiteKeySize );
|
||||
if (!sitePassword)
|
||||
ftl( "Couldn't derive site password." );
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user