|
icculus@0
|
1 |
#include <stdio.h>
|
|
icculus@0
|
2 |
#include <stdlib.h>
|
|
icculus@0
|
3 |
#include <string.h>
|
|
icculus@0
|
4 |
#include <assert.h>
|
|
icculus@0
|
5 |
#include "lua.h"
|
|
icculus@0
|
6 |
#include "lauxlib.h"
|
|
icculus@0
|
7 |
#include "lualib.h"
|
|
icculus@0
|
8 |
#include "pkcs5_pbkdf2.h"
|
|
icculus@0
|
9 |
#include "aes.h"
|
|
icculus@0
|
10 |
#include "base64.h"
|
|
icculus@0
|
11 |
#include "md5.h"
|
|
icculus@0
|
12 |
|
|
icculus@0
|
13 |
#define STATICARRAYLEN(x) ( (sizeof ((x))) / (sizeof ((x)[0])) )
|
|
icculus@0
|
14 |
|
|
icculus@0
|
15 |
static lua_State *luaState = NULL;
|
|
icculus@0
|
16 |
static const uint8_t zero16[16] = { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
|
|
icculus@0
|
17 |
static const char saltprefix[] = { 'S', 'a', 'l', 't', 'e', 'd', '_', '_' };
|
|
icculus@0
|
18 |
|
|
icculus@0
|
19 |
static inline int retvalStringBytes(lua_State *L, const uint8_t *str, size_t len)
|
|
icculus@0
|
20 |
{
|
|
icculus@0
|
21 |
if (str != NULL)
|
|
icculus@0
|
22 |
lua_pushlstring(L, (const char *) str, len);
|
|
icculus@0
|
23 |
else
|
|
icculus@0
|
24 |
lua_pushnil(L);
|
|
icculus@0
|
25 |
return 1;
|
|
icculus@0
|
26 |
} // retvalStringBytes
|
|
icculus@0
|
27 |
|
|
icculus@0
|
28 |
static inline void xorBlock(uint8_t *dst, const uint8_t *src)
|
|
icculus@0
|
29 |
{
|
|
icculus@0
|
30 |
int i;
|
|
icculus@0
|
31 |
for (i = 0; i < 16; i++, dst++, src++)
|
|
icculus@0
|
32 |
*dst ^= *src;
|
|
icculus@0
|
33 |
} // xorBlock
|
|
icculus@0
|
34 |
|
|
icculus@0
|
35 |
static int decryptUsingKeyAndIvec(uint8_t *data, size_t *datalen, const uint8_t *key, const uint8_t *iv)
|
|
icculus@0
|
36 |
{
|
|
icculus@0
|
37 |
const size_t blocks = *datalen / 16;
|
|
icculus@0
|
38 |
uint8_t *block = data + ((blocks-1) * 16); // start at final block, work backwards
|
|
icculus@0
|
39 |
const uint8_t *padding = &block[15];
|
|
icculus@0
|
40 |
uint8_t expkey[aesExpandedKeySize];
|
|
icculus@0
|
41 |
size_t i;
|
|
icculus@0
|
42 |
|
|
icculus@0
|
43 |
if (blocks == 0)
|
|
icculus@0
|
44 |
return 1; // nothing to do.
|
|
icculus@0
|
45 |
|
|
icculus@0
|
46 |
aesExpandKey(key, expkey);
|
|
icculus@0
|
47 |
|
|
icculus@0
|
48 |
for (i = 0; i < blocks-1; i++)
|
|
icculus@0
|
49 |
{
|
|
icculus@0
|
50 |
aesDecrypt(block, expkey, block); // decrypt in place.
|
|
icculus@0
|
51 |
xorBlock(block, block-16);
|
|
icculus@0
|
52 |
block -= 16;
|
|
icculus@0
|
53 |
}
|
|
icculus@0
|
54 |
aesDecrypt(block, expkey, block); // decrypt in place.
|
|
icculus@0
|
55 |
xorBlock(block, iv); // xor against initial vector for final block.
|
|
icculus@0
|
56 |
|
|
icculus@0
|
57 |
if (*padding > 16)
|
|
icculus@0
|
58 |
return 0; // bad data?
|
|
icculus@0
|
59 |
|
|
icculus@0
|
60 |
*datalen -= *padding;
|
|
icculus@0
|
61 |
|
|
icculus@0
|
62 |
return 1;
|
|
icculus@0
|
63 |
} // decryptBinaryUsingKeyAndIvec
|
|
icculus@0
|
64 |
|
|
icculus@0
|
65 |
|
|
icculus@0
|
66 |
static inline int isSalted(const uint8_t *data, const size_t datalen)
|
|
icculus@0
|
67 |
{
|
|
icculus@0
|
68 |
return ( (datalen > sizeof (saltprefix)) &&
|
|
icculus@0
|
69 |
(memcmp(data, saltprefix, sizeof (saltprefix)) == 0) );
|
|
icculus@0
|
70 |
} // isSalted
|
|
icculus@0
|
71 |
|
|
icculus@0
|
72 |
|
|
icculus@0
|
73 |
static int decryptUsingPBKDF2(lua_State *L)
|
|
icculus@0
|
74 |
{
|
|
icculus@0
|
75 |
const char *base64 = luaL_checkstring(L, 1);
|
|
icculus@0
|
76 |
const char *password = luaL_checkstring(L, 2);
|
|
icculus@0
|
77 |
const int iterations = luaL_checkinteger(L, 3);
|
|
icculus@0
|
78 |
size_t datalen = strlen(base64);
|
|
icculus@0
|
79 |
uint8_t *dataptr = (uint8_t *) malloc(datalen);
|
|
icculus@0
|
80 |
uint8_t *data = dataptr;
|
|
icculus@0
|
81 |
base64_decodestate base64state;
|
|
icculus@0
|
82 |
|
|
icculus@0
|
83 |
base64_init_decodestate(&base64state);
|
|
icculus@0
|
84 |
datalen = base64_decode_block(base64, (int) datalen, data, &base64state);
|
|
icculus@0
|
85 |
|
|
icculus@0
|
86 |
const uint8_t *salt = zero16;
|
|
icculus@0
|
87 |
int saltlen = sizeof (zero16);
|
|
icculus@0
|
88 |
if (isSalted(data, datalen))
|
|
icculus@0
|
89 |
{
|
|
icculus@0
|
90 |
salt = data + 8;
|
|
icculus@0
|
91 |
saltlen = 8;
|
|
icculus@0
|
92 |
data += 16;
|
|
icculus@0
|
93 |
datalen -= 16;
|
|
icculus@0
|
94 |
} // if
|
|
icculus@0
|
95 |
|
|
icculus@0
|
96 |
uint8_t output[32];
|
|
icculus@0
|
97 |
pkcs5_pbkdf2(password, strlen(password), salt, saltlen, output, sizeof (output), (unsigned int) iterations);
|
|
icculus@0
|
98 |
|
|
icculus@0
|
99 |
const uint8_t *aeskey = &output[0];
|
|
icculus@0
|
100 |
const uint8_t *aesiv = &output[16];
|
|
icculus@0
|
101 |
if (decryptUsingKeyAndIvec(data, &datalen, aeskey, aesiv))
|
|
icculus@0
|
102 |
retvalStringBytes(L, data, datalen);
|
|
icculus@0
|
103 |
else
|
|
icculus@0
|
104 |
lua_pushnil(L);
|
|
icculus@0
|
105 |
|
|
icculus@0
|
106 |
free(dataptr);
|
|
icculus@0
|
107 |
return 1;
|
|
icculus@0
|
108 |
} // decryptUsingPBKDF2
|
|
icculus@0
|
109 |
|
|
icculus@0
|
110 |
|
|
icculus@0
|
111 |
static int decryptBase64UsingKey(lua_State *L)
|
|
icculus@0
|
112 |
{
|
|
icculus@0
|
113 |
size_t keylen = 0;
|
|
icculus@0
|
114 |
const char *base64 = luaL_checkstring(L, 1);
|
|
icculus@0
|
115 |
const uint8_t *key = (const uint8_t *) luaL_checklstring(L, 2, &keylen);
|
|
icculus@0
|
116 |
size_t datalen = strlen(base64);
|
|
icculus@0
|
117 |
uint8_t *dataptr = (uint8_t *) malloc(datalen);
|
|
icculus@0
|
118 |
uint8_t *data = dataptr;
|
|
icculus@0
|
119 |
base64_decodestate base64state;
|
|
icculus@0
|
120 |
|
|
icculus@0
|
121 |
base64_init_decodestate(&base64state);
|
|
icculus@0
|
122 |
datalen = base64_decode_block(base64, (int) datalen, data, &base64state);
|
|
icculus@0
|
123 |
|
|
icculus@0
|
124 |
uint8_t aeskey[16];
|
|
icculus@0
|
125 |
uint8_t aesiv[16];
|
|
icculus@0
|
126 |
MD5_CTX md5;
|
|
icculus@0
|
127 |
|
|
icculus@0
|
128 |
if (isSalted(data, datalen))
|
|
icculus@0
|
129 |
{
|
|
icculus@0
|
130 |
const uint8_t *salt = data + 8;
|
|
icculus@0
|
131 |
const size_t saltlen = 8;
|
|
icculus@0
|
132 |
data += 16;
|
|
icculus@0
|
133 |
datalen -= 16;
|
|
icculus@0
|
134 |
|
|
icculus@0
|
135 |
assert(aesNr == 10); // AES-256 needs more rounds.
|
|
icculus@0
|
136 |
assert(aesNk == 4); // hashing size is hardcoded later.
|
|
icculus@0
|
137 |
uint8_t hashing[32];
|
|
icculus@0
|
138 |
|
|
icculus@0
|
139 |
MD5_init(&md5);
|
|
icculus@0
|
140 |
MD5_append(&md5, key, keylen);
|
|
icculus@0
|
141 |
MD5_append(&md5, salt, saltlen);
|
|
icculus@0
|
142 |
MD5_finish(&md5, hashing);
|
|
icculus@0
|
143 |
|
|
icculus@0
|
144 |
MD5_init(&md5);
|
|
icculus@0
|
145 |
MD5_append(&md5, hashing, 16);
|
|
icculus@0
|
146 |
MD5_append(&md5, key, keylen);
|
|
icculus@0
|
147 |
MD5_append(&md5, salt, saltlen);
|
|
icculus@0
|
148 |
MD5_finish(&md5, &hashing[16]);
|
|
icculus@0
|
149 |
|
|
icculus@0
|
150 |
memcpy(aeskey, hashing, 4 * aesNk);
|
|
icculus@0
|
151 |
memcpy(aesiv, &hashing[4 * aesNk], 16);
|
|
icculus@0
|
152 |
} // if
|
|
icculus@0
|
153 |
else
|
|
icculus@0
|
154 |
{
|
|
icculus@0
|
155 |
MD5_init(&md5);
|
|
icculus@0
|
156 |
MD5_append(&md5, key, keylen);
|
|
icculus@0
|
157 |
MD5_finish(&md5, aeskey);
|
|
icculus@0
|
158 |
memset(aesiv, '\0', sizeof (aesiv));
|
|
icculus@0
|
159 |
} // else
|
|
icculus@0
|
160 |
|
|
icculus@0
|
161 |
if (decryptUsingKeyAndIvec(data, &datalen, aeskey, aesiv))
|
|
icculus@0
|
162 |
retvalStringBytes(L, data, datalen);
|
|
icculus@0
|
163 |
else
|
|
icculus@0
|
164 |
lua_pushnil(L);
|
|
icculus@0
|
165 |
|
|
icculus@0
|
166 |
free(dataptr);
|
|
icculus@0
|
167 |
return 1;
|
|
icculus@0
|
168 |
} // decryptBase64UsingKey
|
|
icculus@0
|
169 |
|
|
icculus@0
|
170 |
|
|
icculus@0
|
171 |
static void registerLuaLibs(lua_State *L)
|
|
icculus@0
|
172 |
{
|
|
icculus@0
|
173 |
// We always need the string and base libraries (although base has a
|
|
icculus@0
|
174 |
// few we could trim). The rest you can compile in if you want/need them.
|
|
icculus@0
|
175 |
int i;
|
|
icculus@0
|
176 |
static const luaL_Reg lualibs[] = {
|
|
icculus@0
|
177 |
{"_G", luaopen_base},
|
|
icculus@0
|
178 |
{LUA_STRLIBNAME, luaopen_string},
|
|
icculus@0
|
179 |
{LUA_TABLIBNAME, luaopen_table},
|
|
icculus@0
|
180 |
{LUA_LOADLIBNAME, luaopen_package},
|
|
icculus@0
|
181 |
{LUA_IOLIBNAME, luaopen_io},
|
|
icculus@0
|
182 |
{LUA_OSLIBNAME, luaopen_os},
|
|
icculus@0
|
183 |
{LUA_MATHLIBNAME, luaopen_math},
|
|
icculus@0
|
184 |
{LUA_DBLIBNAME, luaopen_debug},
|
|
icculus@0
|
185 |
{LUA_BITLIBNAME, luaopen_bit32},
|
|
icculus@0
|
186 |
{LUA_COLIBNAME, luaopen_coroutine},
|
|
icculus@0
|
187 |
};
|
|
icculus@0
|
188 |
|
|
icculus@0
|
189 |
for (i = 0; i < STATICARRAYLEN(lualibs); i++)
|
|
icculus@0
|
190 |
{
|
|
icculus@0
|
191 |
luaL_requiref(L, lualibs[i].name, lualibs[i].func, 1);
|
|
icculus@0
|
192 |
lua_pop(L, 1); // remove lib
|
|
icculus@0
|
193 |
} // for
|
|
icculus@0
|
194 |
} // registerLuaLibs
|
|
icculus@0
|
195 |
|
|
icculus@0
|
196 |
|
|
icculus@0
|
197 |
static void *luaAlloc(void *ud, void *ptr, size_t osize, size_t nsize)
|
|
icculus@0
|
198 |
{
|
|
icculus@0
|
199 |
if (nsize == 0)
|
|
icculus@0
|
200 |
{
|
|
icculus@0
|
201 |
free(ptr);
|
|
icculus@0
|
202 |
return NULL;
|
|
icculus@0
|
203 |
} // if
|
|
icculus@0
|
204 |
return realloc(ptr, nsize);
|
|
icculus@0
|
205 |
} // luaAlloc
|
|
icculus@0
|
206 |
|
|
icculus@0
|
207 |
|
|
icculus@0
|
208 |
static inline void luaSetCFunc(lua_State *L, lua_CFunction f, const char *sym)
|
|
icculus@0
|
209 |
{
|
|
icculus@0
|
210 |
lua_pushcfunction(L, f);
|
|
icculus@0
|
211 |
lua_setglobal(luaState, sym);
|
|
icculus@0
|
212 |
} // luaSetCFunc
|
|
icculus@0
|
213 |
|
|
icculus@0
|
214 |
|
|
icculus@0
|
215 |
static int luaFatal(lua_State *L)
|
|
icculus@0
|
216 |
{
|
|
icculus@0
|
217 |
const char *errstr = lua_tostring(L, -1);
|
|
icculus@0
|
218 |
fprintf(stderr, "Lua panic: %s\n", errstr ? errstr : "(?)");
|
|
icculus@0
|
219 |
fflush(stderr);
|
|
icculus@0
|
220 |
exit(1);
|
|
icculus@0
|
221 |
} // luaFatal
|
|
icculus@0
|
222 |
|
|
icculus@0
|
223 |
|
|
icculus@0
|
224 |
static int initLua(void)
|
|
icculus@0
|
225 |
{
|
|
icculus@0
|
226 |
assert(luaState == NULL);
|
|
icculus@0
|
227 |
luaState = lua_newstate(luaAlloc, NULL);
|
|
icculus@0
|
228 |
|
|
icculus@0
|
229 |
lua_atpanic(luaState, luaFatal);
|
|
icculus@0
|
230 |
assert(lua_checkstack(luaState, 20)); // Just in case.
|
|
icculus@0
|
231 |
registerLuaLibs(luaState);
|
|
icculus@0
|
232 |
|
|
icculus@0
|
233 |
// Set up initial C functions, etc we want to expose to Lua code...
|
|
icculus@0
|
234 |
luaSetCFunc(luaState, decryptUsingPBKDF2, "decryptUsingPBKDF2");
|
|
icculus@0
|
235 |
luaSetCFunc(luaState, decryptBase64UsingKey, "decryptBase64UsingKey");
|
|
icculus@0
|
236 |
|
|
icculus@0
|
237 |
// Transfer control to Lua to setup some APIs and state...
|
|
icculus@0
|
238 |
if (luaL_dofile(luaState, "1pass.lua") != 0)
|
|
icculus@0
|
239 |
{
|
|
icculus@0
|
240 |
const char *msg = lua_tostring(luaState, -1);
|
|
icculus@0
|
241 |
fprintf(stderr, "1pass.lua didn't run: %s\n", msg);
|
|
icculus@0
|
242 |
lua_pop(luaState, 1);
|
|
icculus@0
|
243 |
return 0;
|
|
icculus@0
|
244 |
} // if
|
|
icculus@0
|
245 |
|
|
icculus@0
|
246 |
return 1;
|
|
icculus@0
|
247 |
} // initLua
|
|
icculus@0
|
248 |
|
|
icculus@0
|
249 |
|
|
icculus@1
|
250 |
static void deinitLua(void)
|
|
icculus@0
|
251 |
{
|
|
icculus@0
|
252 |
if (luaState != NULL)
|
|
icculus@0
|
253 |
{
|
|
icculus@0
|
254 |
lua_close(luaState);
|
|
icculus@0
|
255 |
luaState = NULL;
|
|
icculus@0
|
256 |
} // if
|
|
icculus@0
|
257 |
} // deinitLua
|
|
icculus@0
|
258 |
|
|
icculus@0
|
259 |
|
|
icculus@0
|
260 |
int main(int argc, char **argv)
|
|
icculus@0
|
261 |
{
|
|
icculus@1
|
262 |
atexit(deinitLua);
|
|
icculus@0
|
263 |
|
|
icculus@1
|
264 |
if (!initLua()) // this will move control to 1pass.lua
|
|
icculus@0
|
265 |
{
|
|
icculus@0
|
266 |
fprintf(stderr, "uhoh\n");
|
|
icculus@0
|
267 |
return 1;
|
|
icculus@0
|
268 |
} // if
|
|
icculus@0
|
269 |
|
|
icculus@0
|
270 |
return 0;
|
|
icculus@0
|
271 |
} // main
|
|
icculus@0
|
272 |
|
|
icculus@0
|
273 |
// end of 1pass.c ...
|
|
icculus@0
|
274 |
|