From 3b807faf30c2a296da3422bef5d3ac67b0a173e8 Mon Sep 17 00:00:00 2001 From: "Ryan C. Gordon" Date: Sun, 8 Nov 2015 23:32:34 -0500 Subject: [PATCH] Added experimental support for using a "trusted device." This might be a terrible idea, just experimenting here. --- 1pass.c | 59 +++++++++++++++++- 1pass.lua | 93 +++++++++++++++++++++++++++-- CMakeLists.txt | 1 + sha256.c | 158 +++++++++++++++++++++++++++++++++++++++++++++++++ sha256.h | 34 +++++++++++ 5 files changed, 339 insertions(+), 6 deletions(-) create mode 100644 sha256.c create mode 100644 sha256.h diff --git a/1pass.c b/1pass.c index 691efe7..02c69e7 100644 --- a/1pass.c +++ b/1pass.c @@ -8,7 +8,7 @@ #include #include #include - +#include #include "lua.h" #include "lauxlib.h" #include "lualib.h" @@ -16,6 +16,7 @@ #include "aes.h" #include "base64.h" #include "md5.h" +#include "sha256.h" #include "keyhook.h" #include @@ -363,6 +364,24 @@ static int decryptBase64UsingKey(lua_State *L) } // decryptBase64UsingKey +static void calcSha256(const BYTE *buf, const size_t len, BYTE *hash) +{ + SHA256_CTX sha256; + sha256_init(&sha256); + sha256_update(&sha256, buf, len); + sha256_final(&sha256, hash); +} // calcSha256 + +static int calcSha256_Lua(lua_State *L) +{ + size_t len = 0; + const char *str = luaL_checklstring(L, 1, &len); + BYTE hash[32]; + calcSha256(str, len, hash); + return retvalStringBytes(L, hash, sizeof (hash)); +} // calcSha256_Lua + + static int runGuiPasswordPrompt(lua_State *L) { const char *hintstr = lua_tostring(L, 1); @@ -539,7 +558,18 @@ static int guiAddMenuItem(lua_State *L) { GtkWidget *vbox = (GtkWidget *) lua_touserdata(L, 1); const char *label = luaL_checkstring(L, 2); - const int callback = makeLuaCallback(L, 3); + const int checked = lua_toboolean(L, 3); + const int callback = makeLuaCallback(L, 4); + + if (checked) + { + // !!! FIXME: this is pretty lousy. + const size_t len = strlen(label) + 5; + char *buf = (char *) alloca(len); + snprintf(buf, len, "[X] %s", label); + label = buf; + } // if + GtkWidget *item = GTK_WIDGET(gtk_button_new_with_label(label)); g_signal_connect(item, "key-press-event", G_CALLBACK(checkForEscapeKey), NULL); g_signal_connect(item, "clicked", G_CALLBACK(clickedMenuItem), (gpointer) ((size_t)callback)); @@ -662,6 +692,29 @@ static int giveControlToGui(lua_State *L) } // giveControlToGui +static int getMountedDisks(lua_State *L) +{ + lua_newtable(L); + int luai = 1; + + FILE *mounts = setmntent("/etc/mtab", "r"); + if (mounts != NULL) + { + struct mntent *ent = NULL; + while ((ent = getmntent(mounts)) != NULL) + { + lua_pushinteger(luaState, luai); + lua_pushstring(luaState, ent->mnt_dir); + lua_settable(luaState, -3); + luai++; + } // while + endmntent(mounts); + } // if + + return 1; // return the table. +} // getMountedDisks + + static void *luaAlloc(void *ud, void *ptr, size_t osize, size_t nsize) { if (nsize == 0) @@ -717,6 +770,8 @@ static int initLua(const int argc, char **argv) luaSetCFunc(luaState, runGuiPasswordPrompt, "runGuiPasswordPrompt"); luaSetCFunc(luaState, copyToClipboard, "copyToClipboard"); luaSetCFunc(luaState, setPowermateLED_Lua, "setPowermateLED"); + luaSetCFunc(luaState, calcSha256_Lua, "calcSha256"); + luaSetCFunc(luaState, getMountedDisks, "getMountedDisks"); luaSetCFunc(luaState, guiCreateTopLevelMenu, "guiCreateTopLevelMenu"); luaSetCFunc(luaState, guiCreateSubMenu, "guiCreateSubMenu"); diff --git a/1pass.lua b/1pass.lua index 127385b..1aae8b2 100644 --- a/1pass.lua +++ b/1pass.lua @@ -52,7 +52,7 @@ local function load_json(fname) return nil end - local str = f:read("*all") + local str = f:read("*a") f:close() return load_json_str(str, fname) @@ -102,7 +102,7 @@ local function getHint() return end - local str = "(hint is '" .. f:read("*all") .. "')." + local str = "(hint is '" .. f:read("*a") .. "')." f:close() --print(str) return str @@ -131,6 +131,9 @@ local function setMenuItemSubmenu(menuitem, submenu) menuitem["submenu"] = submenu end +local function setMenuItemChecked(menuitem, ischecked) + menuitem["checked"] = ischecked +end local function build_secret_menuitem(menu, type, str, hidden) @@ -423,7 +426,7 @@ local function buildGuiMenuItem(guimenu, item) return spawnSubMenu(button, submenu, depth) end end - guiAddMenuItem(guimenu, item["text"], cb) + guiAddMenuItem(guimenu, item["text"], item["checked"], cb) end buildGuiMenuList = function(guimenu, list) @@ -494,6 +497,71 @@ local function launchGuiMenu(topmenu) guiShowWindow(guimenu) end +local trustedDisks = {} + +local function getTrustedDiskChecksumPath(mntpoint) + return mntpoint .. "/1pass.dat" +end + +local function getTrustedDiskChecksum(mntpoint) + local f = io.open(getTrustedDiskChecksumPath(mntpoint), "rb") + if f == nil then + return nil + end + + local str = f:read("*a") + f:close() + return calcSha256(str) +end + +local function choseTrustedDisk(mntpoint) + if trustedDisks[mntpoint] ~= nil then + trustedDisks[mntpoint] = nil -- no longer check existing trusted disk. + else + -- !!! FIXME: probably needs a message box if this fails. + local checksum = getTrustedDiskChecksum(mntpoint) + -- No checksum file yet? Generate and write out a random string. + if checksum == nil then + local f = io.open("/dev/urandom", "rb") + if f ~= nil then + local str = f:read(4096) + f:close() + if (str ~= nil) and (#str == 4096) then + f = io.open(getTrustedDiskChecksumPath(mntpoint), "wb") + if f ~= nil then + if f:write(str) and f:flush() then + checksum = calcSha256(str) + end + f:close() + end + end + end + end + trustedDisks[mntpoint] = checksum + end + + -- kill the popup if it exists. + -- !!! FIXME: put this in its own function, this is a copy/paste from elsewhere. + if (keyhookGuiMenus ~= nil) and (keyhookGuiMenus[1] ~= nil) then + guiDestroyMenu(keyhookGuiMenus[1]) + end +end + +local function buildTrustedDeviceMenu() + local menu = makeMenu() + local disks = getMountedDisks() -- this is a C function. + + table.sort(disks, function(a, b) return a < b end) + for i,v in ipairs(disks) do + local item = appendMenuItem(menu, v, function() choseTrustedDisk(v) end) + if trustedDisks[v] ~= nil then + setMenuItemChecked(item, true) + end + end + + return menu +end + function keyhookPressed() -- not local! Called from C! --print("keyhookPressed: running==" .. tostring(keyhookRunning)) if keyhookRunning then @@ -502,6 +570,20 @@ function keyhookPressed() -- not local! Called from C! keyhookRunning = true + local allowaccess = true; + for mntpoint,checksum in pairs(trustedDisks) do + if getTrustedDiskChecksum(mntpoint) ~= checksum then + allowaccess = false + break + end + end + + if not allowaccess then + -- !!! FIXME: probably needs a message box if this happens. + keyhookRunning = false + return + end + while password == nil do password = runGuiPasswordPrompt(getHint()) if password == nil then @@ -528,11 +610,14 @@ function keyhookPressed() -- not local! Called from C! local topmenu = makeMenu() local favesmenu = makeMenu() + local securitymenu = makeMenu() faveitems = {} setMenuItemSubmenu(appendMenuItem(topmenu, "Favorites"), favesmenu) + setMenuItemSubmenu(appendMenuItem(topmenu, "Security"), securitymenu) - appendMenuItem(topmenu, "Lock keychain", function() lockKeychain() end) + appendMenuItem(securitymenu, "Lock keychain now", function() lockKeychain() end) + setMenuItemSubmenu(appendMenuItem(securitymenu, "Require trusted device"), buildTrustedDeviceMenu()) for orderi,type in ipairs(passwordTypeOrdering) do local bucket = items[type] diff --git a/CMakeLists.txt b/CMakeLists.txt index 412e71c..e2925bc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -80,6 +80,7 @@ add_executable(1pass aes.c md5.c sha1.c + sha256.c base64.c lua/lapi.c lua/ldebug.c diff --git a/sha256.c b/sha256.c new file mode 100644 index 0000000..eb9c5c0 --- /dev/null +++ b/sha256.c @@ -0,0 +1,158 @@ +/********************************************************************* +* Filename: sha256.c +* Author: Brad Conte (brad AT bradconte.com) +* Copyright: +* Disclaimer: This code is presented "as is" without any guarantees. +* Details: Implementation of the SHA-256 hashing algorithm. + SHA-256 is one of the three algorithms in the SHA2 + specification. The others, SHA-384 and SHA-512, are not + offered in this implementation. + Algorithm specification can be found here: + * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf + This implementation uses little endian byte order. +*********************************************************************/ + +/*************************** HEADER FILES ***************************/ +#include +#include +#include "sha256.h" + +/****************************** MACROS ******************************/ +#define ROTLEFT(a,b) (((a) << (b)) | ((a) >> (32-(b)))) +#define ROTRIGHT(a,b) (((a) >> (b)) | ((a) << (32-(b)))) + +#define CH(x,y,z) (((x) & (y)) ^ (~(x) & (z))) +#define MAJ(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) +#define EP0(x) (ROTRIGHT(x,2) ^ ROTRIGHT(x,13) ^ ROTRIGHT(x,22)) +#define EP1(x) (ROTRIGHT(x,6) ^ ROTRIGHT(x,11) ^ ROTRIGHT(x,25)) +#define SIG0(x) (ROTRIGHT(x,7) ^ ROTRIGHT(x,18) ^ ((x) >> 3)) +#define SIG1(x) (ROTRIGHT(x,17) ^ ROTRIGHT(x,19) ^ ((x) >> 10)) + +/**************************** VARIABLES *****************************/ +static const WORD k[64] = { + 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5, + 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174, + 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da, + 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967, + 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85, + 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070, + 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3, + 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +}; + +/*********************** FUNCTION DEFINITIONS ***********************/ +void sha256_transform(SHA256_CTX *ctx, const BYTE data[]) +{ + WORD a, b, c, d, e, f, g, h, i, j, t1, t2, m[64]; + + for (i = 0, j = 0; i < 16; ++i, j += 4) + m[i] = (data[j] << 24) | (data[j + 1] << 16) | (data[j + 2] << 8) | (data[j + 3]); + for ( ; i < 64; ++i) + m[i] = SIG1(m[i - 2]) + m[i - 7] + SIG0(m[i - 15]) + m[i - 16]; + + a = ctx->state[0]; + b = ctx->state[1]; + c = ctx->state[2]; + d = ctx->state[3]; + e = ctx->state[4]; + f = ctx->state[5]; + g = ctx->state[6]; + h = ctx->state[7]; + + for (i = 0; i < 64; ++i) { + t1 = h + EP1(e) + CH(e,f,g) + k[i] + m[i]; + t2 = EP0(a) + MAJ(a,b,c); + h = g; + g = f; + f = e; + e = d + t1; + d = c; + c = b; + b = a; + a = t1 + t2; + } + + ctx->state[0] += a; + ctx->state[1] += b; + ctx->state[2] += c; + ctx->state[3] += d; + ctx->state[4] += e; + ctx->state[5] += f; + ctx->state[6] += g; + ctx->state[7] += h; +} + +void sha256_init(SHA256_CTX *ctx) +{ + ctx->datalen = 0; + ctx->bitlen = 0; + ctx->state[0] = 0x6a09e667; + ctx->state[1] = 0xbb67ae85; + ctx->state[2] = 0x3c6ef372; + ctx->state[3] = 0xa54ff53a; + ctx->state[4] = 0x510e527f; + ctx->state[5] = 0x9b05688c; + ctx->state[6] = 0x1f83d9ab; + ctx->state[7] = 0x5be0cd19; +} + +void sha256_update(SHA256_CTX *ctx, const BYTE data[], size_t len) +{ + WORD i; + + for (i = 0; i < len; ++i) { + ctx->data[ctx->datalen] = data[i]; + ctx->datalen++; + if (ctx->datalen == 64) { + sha256_transform(ctx, ctx->data); + ctx->bitlen += 512; + ctx->datalen = 0; + } + } +} + +void sha256_final(SHA256_CTX *ctx, BYTE hash[]) +{ + WORD i; + + i = ctx->datalen; + + // Pad whatever data is left in the buffer. + if (ctx->datalen < 56) { + ctx->data[i++] = 0x80; + while (i < 56) + ctx->data[i++] = 0x00; + } + else { + ctx->data[i++] = 0x80; + while (i < 64) + ctx->data[i++] = 0x00; + sha256_transform(ctx, ctx->data); + memset(ctx->data, 0, 56); + } + + // Append to the padding the total message's length in bits and transform. + ctx->bitlen += ctx->datalen * 8; + ctx->data[63] = ctx->bitlen; + ctx->data[62] = ctx->bitlen >> 8; + ctx->data[61] = ctx->bitlen >> 16; + ctx->data[60] = ctx->bitlen >> 24; + ctx->data[59] = ctx->bitlen >> 32; + ctx->data[58] = ctx->bitlen >> 40; + ctx->data[57] = ctx->bitlen >> 48; + ctx->data[56] = ctx->bitlen >> 56; + sha256_transform(ctx, ctx->data); + + // Since this implementation uses little endian byte ordering and SHA uses big endian, + // reverse all the bytes when copying the final state to the output hash. + for (i = 0; i < 4; ++i) { + hash[i] = (ctx->state[0] >> (24 - i * 8)) & 0x000000ff; + hash[i + 4] = (ctx->state[1] >> (24 - i * 8)) & 0x000000ff; + hash[i + 8] = (ctx->state[2] >> (24 - i * 8)) & 0x000000ff; + hash[i + 12] = (ctx->state[3] >> (24 - i * 8)) & 0x000000ff; + hash[i + 16] = (ctx->state[4] >> (24 - i * 8)) & 0x000000ff; + hash[i + 20] = (ctx->state[5] >> (24 - i * 8)) & 0x000000ff; + hash[i + 24] = (ctx->state[6] >> (24 - i * 8)) & 0x000000ff; + hash[i + 28] = (ctx->state[7] >> (24 - i * 8)) & 0x000000ff; + } +} diff --git a/sha256.h b/sha256.h new file mode 100644 index 0000000..7123a30 --- /dev/null +++ b/sha256.h @@ -0,0 +1,34 @@ +/********************************************************************* +* Filename: sha256.h +* Author: Brad Conte (brad AT bradconte.com) +* Copyright: +* Disclaimer: This code is presented "as is" without any guarantees. +* Details: Defines the API for the corresponding SHA1 implementation. +*********************************************************************/ + +#ifndef SHA256_H +#define SHA256_H + +/*************************** HEADER FILES ***************************/ +#include + +/****************************** MACROS ******************************/ +#define SHA256_BLOCK_SIZE 32 // SHA256 outputs a 32 byte digest + +/**************************** DATA TYPES ****************************/ +typedef unsigned char BYTE; // 8-bit byte +typedef unsigned int WORD; // 32-bit word, change to "long" for 16-bit machines + +typedef struct { + BYTE data[64]; + WORD datalen; + unsigned long long bitlen; + WORD state[8]; +} SHA256_CTX; + +/*********************** FUNCTION DECLARATIONS **********************/ +void sha256_init(SHA256_CTX *ctx); +void sha256_update(SHA256_CTX *ctx, const BYTE data[], size_t len); +void sha256_final(SHA256_CTX *ctx, BYTE hash[]); + +#endif // SHA256_H