Skip to content

Commit

Permalink
Initial work.
Browse files Browse the repository at this point in the history 
Goes far enough to decrypt and correctly verify the master key.
  • Loading branch information
@icculus
icculus committed Dec 18, 2013
0 parents commit 93a2c66
Show file tree
Hide file tree
Showing 78 changed files with 23,301 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .hgignore
@@ -0,0 +1,3 @@
syntax:glob
cmake-build
1Password
323 changes: 323 additions & 0 deletions 1pass.c
@@ -0,0 +1,323 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include "lua.h"
#include "lauxlib.h"
#include "lualib.h"
#include "pkcs5_pbkdf2.h"
#include "aes.h"
#include "base64.h"
#include "md5.h"

#define STATICARRAYLEN(x) ( (sizeof ((x))) / (sizeof ((x)[0])) )

static lua_State *luaState = NULL;
static const uint8_t zero16[16] = { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
static const char saltprefix[] = { 'S', 'a', 'l', 't', 'e', 'd', '_', '_' };


static inline int retvalString(lua_State *L, const char *str)
{
if (str != NULL)
lua_pushstring(L, str);
else
lua_pushnil(L);
return 1;
} // retvalString


static inline int retvalStringBytes(lua_State *L, const uint8_t *str, size_t len)
{
//size_t i; printf("{\n"); for (i = 0; i < len; i++) { printf(" 0x%X\n", (unsigned int) str[i]); } printf(" }\n\n");

if (str != NULL)
lua_pushlstring(L, (const char *) str, len);
else
lua_pushnil(L);
return 1;
} // retvalStringBytes

static inline void xorBlock(uint8_t *dst, const uint8_t *src)
{
int i;
for (i = 0; i < 16; i++, dst++, src++)
*dst ^= *src;
} // xorBlock

static int decryptUsingKeyAndIvec(uint8_t *data, size_t *datalen, const uint8_t *key, const uint8_t *iv)
{
const size_t blocks = *datalen / 16;
uint8_t *block = data + ((blocks-1) * 16); // start at final block, work backwards
const uint8_t *padding = &block[15];
uint8_t expkey[aesExpandedKeySize];
size_t i;

if (blocks == 0)
return 1; // nothing to do.

aesExpandKey(key, expkey);

for (i = 0; i < blocks-1; i++)
{
aesDecrypt(block, expkey, block); // decrypt in place.
xorBlock(block, block-16);
block -= 16;
}
aesDecrypt(block, expkey, block); // decrypt in place.
xorBlock(block, iv); // xor against initial vector for final block.

if (*padding > 16)
return 0; // bad data?

*datalen -= *padding;

return 1;
} // decryptBinaryUsingKeyAndIvec


static inline int isSalted(const uint8_t *data, const size_t datalen)
{
return ( (datalen > sizeof (saltprefix)) &&
(memcmp(data, saltprefix, sizeof (saltprefix)) == 0) );
} // isSalted


static int decryptUsingPBKDF2(lua_State *L)
{
const char *base64 = luaL_checkstring(L, 1);
const char *password = luaL_checkstring(L, 2);
const int iterations = luaL_checkinteger(L, 3);
size_t datalen = strlen(base64);
uint8_t *dataptr = (uint8_t *) malloc(datalen);
uint8_t *data = dataptr;
base64_decodestate base64state;

base64_init_decodestate(&base64state);
datalen = base64_decode_block(base64, (int) datalen, data, &base64state);

const uint8_t *salt = zero16;
int saltlen = sizeof (zero16);
if (isSalted(data, datalen))
{
salt = data + 8;
saltlen = 8;
data += 16;
datalen -= 16;
} // if

uint8_t output[32];
pkcs5_pbkdf2(password, strlen(password), salt, saltlen, output, sizeof (output), (unsigned int) iterations);

const uint8_t *aeskey = &output[0];
const uint8_t *aesiv = &output[16];
if (decryptUsingKeyAndIvec(data, &datalen, aeskey, aesiv))
retvalStringBytes(L, data, datalen);
else
lua_pushnil(L);

free(dataptr);
return 1;
} // decryptUsingPBKDF2


static int decryptBase64UsingKey(lua_State *L)
{
size_t keylen = 0;
const char *base64 = luaL_checkstring(L, 1);
const uint8_t *key = (const uint8_t *) luaL_checklstring(L, 2, &keylen);
size_t datalen = strlen(base64);
uint8_t *dataptr = (uint8_t *) malloc(datalen);
uint8_t *data = dataptr;
base64_decodestate base64state;

base64_init_decodestate(&base64state);
datalen = base64_decode_block(base64, (int) datalen, data, &base64state);

uint8_t aeskey[16];
uint8_t aesiv[16];
MD5_CTX md5;

if (isSalted(data, datalen))
{
const uint8_t *salt = data + 8;
const size_t saltlen = 8;
data += 16;
datalen -= 16;

assert(aesNr == 10); // AES-256 needs more rounds.
assert(aesNk == 4); // hashing size is hardcoded later.
uint8_t hashing[32];

MD5_init(&md5);
MD5_append(&md5, key, keylen);
MD5_append(&md5, salt, saltlen);
MD5_finish(&md5, hashing);

MD5_init(&md5);
MD5_append(&md5, hashing, 16);
MD5_append(&md5, key, keylen);
MD5_append(&md5, salt, saltlen);
MD5_finish(&md5, &hashing[16]);

memcpy(aeskey, hashing, 4 * aesNk);
memcpy(aesiv, &hashing[4 * aesNk], 16);
} // if
else
{
MD5_init(&md5);
MD5_append(&md5, key, keylen);
MD5_finish(&md5, aeskey);
memset(aesiv, '\0', sizeof (aesiv));
} // else

if (decryptUsingKeyAndIvec(data, &datalen, aeskey, aesiv))
retvalStringBytes(L, data, datalen);
else
lua_pushnil(L);

free(dataptr);
return 1;
} // decryptBase64UsingKey


static void registerLuaLibs(lua_State *L)
{
// We always need the string and base libraries (although base has a
// few we could trim). The rest you can compile in if you want/need them.
int i;
static const luaL_Reg lualibs[] = {
{"_G", luaopen_base},
{LUA_STRLIBNAME, luaopen_string},
{LUA_TABLIBNAME, luaopen_table},
{LUA_LOADLIBNAME, luaopen_package},
{LUA_IOLIBNAME, luaopen_io},
{LUA_OSLIBNAME, luaopen_os},
{LUA_MATHLIBNAME, luaopen_math},
{LUA_DBLIBNAME, luaopen_debug},
{LUA_BITLIBNAME, luaopen_bit32},
{LUA_COLIBNAME, luaopen_coroutine},
};

for (i = 0; i < STATICARRAYLEN(lualibs); i++)
{
luaL_requiref(L, lualibs[i].name, lualibs[i].func, 1);
lua_pop(L, 1); // remove lib
} // for
} // registerLuaLibs


static void *luaAlloc(void *ud, void *ptr, size_t osize, size_t nsize)
{
if (nsize == 0)
{
free(ptr);
return NULL;
} // if
return realloc(ptr, nsize);
} // luaAlloc


static inline void luaSetCFunc(lua_State *L, lua_CFunction f, const char *sym)
{
lua_pushcfunction(L, f);
lua_setglobal(luaState, sym);
} // luaSetCFunc


static int luaFatal(lua_State *L)
{
const char *errstr = lua_tostring(L, -1);
fprintf(stderr, "Lua panic: %s\n", errstr ? errstr : "(?)");
fflush(stderr);
exit(1);
} // luaFatal


static int initLua(void)
{
assert(luaState == NULL);
luaState = lua_newstate(luaAlloc, NULL);

lua_atpanic(luaState, luaFatal);
assert(lua_checkstack(luaState, 20)); // Just in case.
registerLuaLibs(luaState);

// Set up initial C functions, etc we want to expose to Lua code...
luaSetCFunc(luaState, decryptUsingPBKDF2, "decryptUsingPBKDF2");
luaSetCFunc(luaState, decryptBase64UsingKey, "decryptBase64UsingKey");

// Transfer control to Lua to setup some APIs and state...
if (luaL_dofile(luaState, "1pass.lua") != 0)
{
const char *msg = lua_tostring(luaState, -1);
fprintf(stderr, "1pass.lua didn't run: %s\n", msg);
lua_pop(luaState, 1);
return 0;
} // if

return 1;
} // initLua


void deinitLua(void)
{
if (luaState != NULL)
{
lua_close(luaState);
luaState = NULL;
} // if
} // deinitLua



static char *loadKey(const char *baseDir, const char *level, const char *password)
{
char *retval = NULL;
lua_getglobal(luaState, "loadKey");
lua_pushstring(luaState, baseDir);
lua_pushstring(luaState, level);
lua_pushstring(luaState, password);
lua_call(luaState, 3, 1);
const char *str = lua_tostring(luaState, -1);
if (str)
retval = strdup(str);
lua_pop(luaState, 1);
return retval;
} // luafunc_loadKey


static char *sl5 = NULL;

int main(int argc, char **argv)
{
const char *basedir = "1Password/1Password.agilekeychain/data/default"; // !!! FIXME

char *password = NULL;
size_t pwlen = 0;
printf("password: "); fflush(stdout);
const ssize_t rc = getline(&password, &pwlen, stdin);
if (rc == -1)
return 1;
else if (password[rc-1] == '\n')
password[rc-1] = 0;

if (!initLua())
{
fprintf(stderr, "uhoh\n");
return 1;
} // if

sl5 = loadKey(basedir, "SL5", password);
if (!sl5)
{
fprintf(stderr, "wrong password?\n");
return 1;
} // if

free(sl5);
return 0;
} // main

// end of 1pass.c ...

0 comments on commit 93a2c66

Please sign in to comment.