From c68f097fd80dc0d09fdefa6d3499a8fb7e3bba98 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 16 Apr 2013 07:58:02 +0200 Subject: [PATCH 01/19] make basic functionality work --- tools/passhash.py | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/tools/passhash.py b/tools/passhash.py index 9487948..9be37fc 100644 --- a/tools/passhash.py +++ b/tools/passhash.py @@ -33,10 +33,16 @@ # # ***** END LICENSE BLOCK ***** */ +import getpass +import hashlib +import hmac +import sys +from base64 import b64encode + host = "passhash.passhash" def log(msg): - print msg + print(msg) # IMPORTANT: This function should be changed carefully. It must be # completely deterministic and consistent between releases. Otherwise @@ -58,7 +64,9 @@ def generateHashWord( restrictSpecial, restrictDigits): # Start with the SHA1-encrypted master key/site tag. - s = b64_hmac_sha1(masterKey, siteTag) + #s = b64_hmac_sha1(masterKey, siteTag) + h = hmac.new(masterKey, siteTag, hashlib.sha1) + s = b64encode(h.digest()) # Use the checksum of all characters as a pseudo-randomizing seed to # avoid making the injected characters easy to guess. Note that it # isn't random in the sense of not being deterministic (i.e. @@ -66,7 +74,7 @@ def generateHashWord( # characters so that they are guaranteed unique positions based on # their offsets. sum = 0 - for i in range(len(s): + for i in range(len(s)): sum += ord(s[i]) # Restrict digits just does a mod 10 of all the characters if restrictDigits: @@ -84,7 +92,7 @@ def generateHashWord( if restrictSpecial: s = removeSpecialCharacters(s, sum, hashWordSize) # Trim it to size. - return s.substr(0, hashWordSize) + return s[:hashWordSize] # This is a very specialized method to inject a character chosen from a # range of character codes into a block at the front of a string if one of @@ -138,4 +146,16 @@ def convertToDigits(sInput, seed, lenOut): if c.isdigit(): s += c else: - s += chr((seed + ord(sInput[i])) % 10 + 48) + s += chr((seed + ord(c)) % 10 + 48) + return s + + +if __name__ == "__main__": + site = sys.argv[1] + passw = getpass.getpass() + size = 14 + pw = generateHashWord( + site, passw, size, requireDigit=True, requirePunctuation=True, + requireMixedCase=True, restrictSpecial=False, + restrictDigits=False) + print(pw) From 03f7cf794ff4bbf040c753cbcb747f7b2ac70651 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 16 Apr 2013 08:05:04 +0200 Subject: [PATCH 02/19] add argparse --- tools/passhash.py | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/tools/passhash.py b/tools/passhash.py index 9be37fc..cade7de 100644 --- a/tools/passhash.py +++ b/tools/passhash.py @@ -151,11 +151,26 @@ def convertToDigits(sInput, seed, lenOut): if __name__ == "__main__": - site = sys.argv[1] - passw = getpass.getpass() + import argparse + parser = argparse.ArgumentParser( + description='generate PassHash hases from the commandline') + parser.add_argument('siteTag', nargs=1, help='The "siteTag" to use') + parser.add_argument('--hash-size', type=int, default=8) + parser.add_argument('--require-digest', type=bool, default=True) + parser.add_argument('--require-punctuation', type=bool, default=True) + parser.add_argument('--require-mixed-case', type=bool, default=True) + parser.add_argument('--restrict-special', type=bool, default=False) + parser.add_argument('--restrict-digits', type=bool, default=False) + args = parser.parse_args() + + site = args.siteTag[0] + passw = getpass.getpass("Please enter the master key: ") size = 14 pw = generateHashWord( - site, passw, size, requireDigit=True, requirePunctuation=True, - requireMixedCase=True, restrictSpecial=False, - restrictDigits=False) + site, passw, args.hash_size, + requireDigit=args.require_digest, + requirePunctuation=args.require_punctuation, + requireMixedCase=args.require_mixed_case, + restrictSpecial=args.restrict_special, + restrictDigits=args.restrict_digits) print(pw) From cf44008765ab12cefc52c32410b3a4e513bc5f74 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 5 Jun 2013 21:15:35 +0200 Subject: [PATCH 03/19] add sha512 module --- content/passhash-sha512.js | 497 +++++++++++++++++++++++++++++++++++++ 1 file changed, 497 insertions(+) create mode 100644 content/passhash-sha512.js diff --git a/content/passhash-sha512.js b/content/passhash-sha512.js new file mode 100644 index 0000000..47f7655 --- /dev/null +++ b/content/passhash-sha512.js @@ -0,0 +1,497 @@ +/* + * A JavaScript implementation of the Secure Hash Algorithm, SHA-512, as defined + * in FIPS 180-2 + * Version 2.2 Copyright Anonymous Contributor, Paul Johnston 2000 - 2009. + * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet + * Distributed under the BSD License + * See http://pajhome.org.uk/crypt/md5 for details. + */ + +/* + * Configurable variables. You may need to tweak these to be compatible with + * the server-side, but the defaults work in most cases. + */ +var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */ +var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */ + +/* + * These are the functions you'll usually want to call + * They take string arguments and return either hex or base-64 encoded strings + */ +function hex_sha512(s) { return rstr2hex(rstr_sha512(str2rstr_utf8(s))); } +function b64_sha512(s) { return rstr2b64(rstr_sha512(str2rstr_utf8(s))); } +function any_sha512(s, e) { return rstr2any(rstr_sha512(str2rstr_utf8(s)), e);} +function hex_hmac_sha512(k, d) + { return rstr2hex(rstr_hmac_sha512(str2rstr_utf8(k), str2rstr_utf8(d))); } +function b64_hmac_sha512(k, d) + { return rstr2b64(rstr_hmac_sha512(str2rstr_utf8(k), str2rstr_utf8(d))); } +function any_hmac_sha512(k, d, e) + { return rstr2any(rstr_hmac_sha512(str2rstr_utf8(k), str2rstr_utf8(d)), e);} + +/* + * Perform a simple self-test to see if the VM is working + */ +function sha512_vm_test() +{ + return hex_sha512("abc").toLowerCase() == + "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a" + + "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f"; +} + +/* + * Calculate the SHA-512 of a raw string + */ +function rstr_sha512(s) +{ + return binb2rstr(binb_sha512(rstr2binb(s), s.length * 8)); +} + +/* + * Calculate the HMAC-SHA-512 of a key and some data (raw strings) + */ +function rstr_hmac_sha512(key, data) +{ + var bkey = rstr2binb(key); + if(bkey.length > 32) bkey = binb_sha512(bkey, key.length * 8); + + var ipad = Array(32), opad = Array(32); + for(var i = 0; i < 32; i++) + { + ipad[i] = bkey[i] ^ 0x36363636; + opad[i] = bkey[i] ^ 0x5C5C5C5C; + } + + var hash = binb_sha512(ipad.concat(rstr2binb(data)), 1024 + data.length * 8); + return binb2rstr(binb_sha512(opad.concat(hash), 1024 + 512)); +} + +/* + * Convert a raw string to a hex string + */ +function rstr2hex(input) +{ + try { hexcase } catch(e) { hexcase=0; } + var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; + var output = ""; + var x; + for(var i = 0; i < input.length; i++) + { + x = input.charCodeAt(i); + output += hex_tab.charAt((x >>> 4) & 0x0F) + + hex_tab.charAt( x & 0x0F); + } + return output; +} + +/* + * Convert a raw string to a base-64 string + */ +function rstr2b64(input) +{ + try { b64pad } catch(e) { b64pad=''; } + var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + var output = ""; + var len = input.length; + for(var i = 0; i < len; i += 3) + { + var triplet = (input.charCodeAt(i) << 16) + | (i + 1 < len ? input.charCodeAt(i+1) << 8 : 0) + | (i + 2 < len ? input.charCodeAt(i+2) : 0); + for(var j = 0; j < 4; j++) + { + if(i * 8 + j * 6 > input.length * 8) output += b64pad; + else output += tab.charAt((triplet >>> 6*(3-j)) & 0x3F); + } + } + return output; +} + +/* + * Convert a raw string to an arbitrary string encoding + */ +function rstr2any(input, encoding) +{ + var divisor = encoding.length; + var i, j, q, x, quotient; + + /* Convert to an array of 16-bit big-endian values, forming the dividend */ + var dividend = Array(Math.ceil(input.length / 2)); + for(i = 0; i < dividend.length; i++) + { + dividend[i] = (input.charCodeAt(i * 2) << 8) | input.charCodeAt(i * 2 + 1); + } + + /* + * Repeatedly perform a long division. The binary array forms the dividend, + * the length of the encoding is the divisor. Once computed, the quotient + * forms the dividend for the next step. All remainders are stored for later + * use. + */ + var full_length = Math.ceil(input.length * 8 / + (Math.log(encoding.length) / Math.log(2))); + var remainders = Array(full_length); + for(j = 0; j < full_length; j++) + { + quotient = Array(); + x = 0; + for(i = 0; i < dividend.length; i++) + { + x = (x << 16) + dividend[i]; + q = Math.floor(x / divisor); + x -= q * divisor; + if(quotient.length > 0 || q > 0) + quotient[quotient.length] = q; + } + remainders[j] = x; + dividend = quotient; + } + + /* Convert the remainders to the output string */ + var output = ""; + for(i = remainders.length - 1; i >= 0; i--) + output += encoding.charAt(remainders[i]); + + return output; +} + +/* + * Encode a string as utf-8. + * For efficiency, this assumes the input is valid utf-16. + */ +function str2rstr_utf8(input) +{ + var output = ""; + var i = -1; + var x, y; + + while(++i < input.length) + { + /* Decode utf-16 surrogate pairs */ + x = input.charCodeAt(i); + y = i + 1 < input.length ? input.charCodeAt(i + 1) : 0; + if(0xD800 <= x && x <= 0xDBFF && 0xDC00 <= y && y <= 0xDFFF) + { + x = 0x10000 + ((x & 0x03FF) << 10) + (y & 0x03FF); + i++; + } + + /* Encode output as utf-8 */ + if(x <= 0x7F) + output += String.fromCharCode(x); + else if(x <= 0x7FF) + output += String.fromCharCode(0xC0 | ((x >>> 6 ) & 0x1F), + 0x80 | ( x & 0x3F)); + else if(x <= 0xFFFF) + output += String.fromCharCode(0xE0 | ((x >>> 12) & 0x0F), + 0x80 | ((x >>> 6 ) & 0x3F), + 0x80 | ( x & 0x3F)); + else if(x <= 0x1FFFFF) + output += String.fromCharCode(0xF0 | ((x >>> 18) & 0x07), + 0x80 | ((x >>> 12) & 0x3F), + 0x80 | ((x >>> 6 ) & 0x3F), + 0x80 | ( x & 0x3F)); + } + return output; +} + +/* + * Encode a string as utf-16 + */ +function str2rstr_utf16le(input) +{ + var output = ""; + for(var i = 0; i < input.length; i++) + output += String.fromCharCode( input.charCodeAt(i) & 0xFF, + (input.charCodeAt(i) >>> 8) & 0xFF); + return output; +} + +function str2rstr_utf16be(input) +{ + var output = ""; + for(var i = 0; i < input.length; i++) + output += String.fromCharCode((input.charCodeAt(i) >>> 8) & 0xFF, + input.charCodeAt(i) & 0xFF); + return output; +} + +/* + * Convert a raw string to an array of big-endian words + * Characters >255 have their high-byte silently ignored. + */ +function rstr2binb(input) +{ + var output = Array(input.length >> 2); + for(var i = 0; i < output.length; i++) + output[i] = 0; + for(var i = 0; i < input.length * 8; i += 8) + output[i>>5] |= (input.charCodeAt(i / 8) & 0xFF) << (24 - i % 32); + return output; +} + +/* + * Convert an array of big-endian words to a string + */ +function binb2rstr(input) +{ + var output = ""; + for(var i = 0; i < input.length * 32; i += 8) + output += String.fromCharCode((input[i>>5] >>> (24 - i % 32)) & 0xFF); + return output; +} + +/* + * Calculate the SHA-512 of an array of big-endian dwords, and a bit length + */ +var sha512_k; +function binb_sha512(x, len) +{ + if(sha512_k == undefined) + { + //SHA512 constants + sha512_k = new Array( +new int64(0x428a2f98, -685199838), new int64(0x71374491, 0x23ef65cd), +new int64(-1245643825, -330482897), new int64(-373957723, -2121671748), +new int64(0x3956c25b, -213338824), new int64(0x59f111f1, -1241133031), +new int64(-1841331548, -1357295717), new int64(-1424204075, -630357736), +new int64(-670586216, -1560083902), new int64(0x12835b01, 0x45706fbe), +new int64(0x243185be, 0x4ee4b28c), new int64(0x550c7dc3, -704662302), +new int64(0x72be5d74, -226784913), new int64(-2132889090, 0x3b1696b1), +new int64(-1680079193, 0x25c71235), new int64(-1046744716, -815192428), +new int64(-459576895, -1628353838), new int64(-272742522, 0x384f25e3), +new int64(0xfc19dc6, -1953704523), new int64(0x240ca1cc, 0x77ac9c65), +new int64(0x2de92c6f, 0x592b0275), new int64(0x4a7484aa, 0x6ea6e483), +new int64(0x5cb0a9dc, -1119749164), new int64(0x76f988da, -2096016459), +new int64(-1740746414, -295247957), new int64(-1473132947, 0x2db43210), +new int64(-1341970488, -1728372417), new int64(-1084653625, -1091629340), +new int64(-958395405, 0x3da88fc2), new int64(-710438585, -1828018395), +new int64(0x6ca6351, -536640913), new int64(0x14292967, 0xa0e6e70), +new int64(0x27b70a85, 0x46d22ffc), new int64(0x2e1b2138, 0x5c26c926), +new int64(0x4d2c6dfc, 0x5ac42aed), new int64(0x53380d13, -1651133473), +new int64(0x650a7354, -1951439906), new int64(0x766a0abb, 0x3c77b2a8), +new int64(-2117940946, 0x47edaee6), new int64(-1838011259, 0x1482353b), +new int64(-1564481375, 0x4cf10364), new int64(-1474664885, -1136513023), +new int64(-1035236496, -789014639), new int64(-949202525, 0x654be30), +new int64(-778901479, -688958952), new int64(-694614492, 0x5565a910), +new int64(-200395387, 0x5771202a), new int64(0x106aa070, 0x32bbd1b8), +new int64(0x19a4c116, -1194143544), new int64(0x1e376c08, 0x5141ab53), +new int64(0x2748774c, -544281703), new int64(0x34b0bcb5, -509917016), +new int64(0x391c0cb3, -976659869), new int64(0x4ed8aa4a, -482243893), +new int64(0x5b9cca4f, 0x7763e373), new int64(0x682e6ff3, -692930397), +new int64(0x748f82ee, 0x5defb2fc), new int64(0x78a5636f, 0x43172f60), +new int64(-2067236844, -1578062990), new int64(-1933114872, 0x1a6439ec), +new int64(-1866530822, 0x23631e28), new int64(-1538233109, -561857047), +new int64(-1090935817, -1295615723), new int64(-965641998, -479046869), +new int64(-903397682, -366583396), new int64(-779700025, 0x21c0c207), +new int64(-354779690, -840897762), new int64(-176337025, -294727304), +new int64(0x6f067aa, 0x72176fba), new int64(0xa637dc5, -1563912026), +new int64(0x113f9804, -1090974290), new int64(0x1b710b35, 0x131c471b), +new int64(0x28db77f5, 0x23047d84), new int64(0x32caab7b, 0x40c72493), +new int64(0x3c9ebe0a, 0x15c9bebc), new int64(0x431d67c4, -1676669620), +new int64(0x4cc5d4be, -885112138), new int64(0x597f299c, -60457430), +new int64(0x5fcb6fab, 0x3ad6faec), new int64(0x6c44198c, 0x4a475817)); + } + + //Initial hash values + var H = new Array( +new int64(0x6a09e667, -205731576), +new int64(-1150833019, -2067093701), +new int64(0x3c6ef372, -23791573), +new int64(-1521486534, 0x5f1d36f1), +new int64(0x510e527f, -1377402159), +new int64(-1694144372, 0x2b3e6c1f), +new int64(0x1f83d9ab, -79577749), +new int64(0x5be0cd19, 0x137e2179)); + + var T1 = new int64(0, 0), + T2 = new int64(0, 0), + a = new int64(0,0), + b = new int64(0,0), + c = new int64(0,0), + d = new int64(0,0), + e = new int64(0,0), + f = new int64(0,0), + g = new int64(0,0), + h = new int64(0,0), + //Temporary variables not specified by the document + s0 = new int64(0, 0), + s1 = new int64(0, 0), + Ch = new int64(0, 0), + Maj = new int64(0, 0), + r1 = new int64(0, 0), + r2 = new int64(0, 0), + r3 = new int64(0, 0); + var j, i; + var W = new Array(80); + for(i=0; i<80; i++) + W[i] = new int64(0, 0); + + // append padding to the source string. The format is described in the FIPS. + x[len >> 5] |= 0x80 << (24 - (len & 0x1f)); + x[((len + 128 >> 10)<< 5) + 31] = len; + + for(i = 0; i=32 +//The function revrrot() is for that +function int64rrot(dst, x, shift) +{ + dst.l = (x.l >>> shift) | (x.h << (32-shift)); + dst.h = (x.h >>> shift) | (x.l << (32-shift)); +} + +//Reverses the dwords of the source and then rotates right by shift. +//This is equivalent to rotation by 32+shift +function int64revrrot(dst, x, shift) +{ + dst.l = (x.h >>> shift) | (x.l << (32-shift)); + dst.h = (x.l >>> shift) | (x.h << (32-shift)); +} + +//Bitwise-shifts right a 64-bit number by shift +//Won't handle shift>=32, but it's never needed in SHA512 +function int64shr(dst, x, shift) +{ + dst.l = (x.l >>> shift) | (x.h << (32-shift)); + dst.h = (x.h >>> shift); +} + +//Adds two 64-bit numbers +//Like the original implementation, does not rely on 32-bit operations +function int64add(dst, x, y) +{ + var w0 = (x.l & 0xffff) + (y.l & 0xffff); + var w1 = (x.l >>> 16) + (y.l >>> 16) + (w0 >>> 16); + var w2 = (x.h & 0xffff) + (y.h & 0xffff) + (w1 >>> 16); + var w3 = (x.h >>> 16) + (y.h >>> 16) + (w2 >>> 16); + dst.l = (w0 & 0xffff) | (w1 << 16); + dst.h = (w2 & 0xffff) | (w3 << 16); +} + +//Same, except with 4 addends. Works faster than adding them one by one. +function int64add4(dst, a, b, c, d) +{ + var w0 = (a.l & 0xffff) + (b.l & 0xffff) + (c.l & 0xffff) + (d.l & 0xffff); + var w1 = (a.l >>> 16) + (b.l >>> 16) + (c.l >>> 16) + (d.l >>> 16) + (w0 >>> 16); + var w2 = (a.h & 0xffff) + (b.h & 0xffff) + (c.h & 0xffff) + (d.h & 0xffff) + (w1 >>> 16); + var w3 = (a.h >>> 16) + (b.h >>> 16) + (c.h >>> 16) + (d.h >>> 16) + (w2 >>> 16); + dst.l = (w0 & 0xffff) | (w1 << 16); + dst.h = (w2 & 0xffff) | (w3 << 16); +} + +//Same, except with 5 addends +function int64add5(dst, a, b, c, d, e) +{ + var w0 = (a.l & 0xffff) + (b.l & 0xffff) + (c.l & 0xffff) + (d.l & 0xffff) + (e.l & 0xffff); + var w1 = (a.l >>> 16) + (b.l >>> 16) + (c.l >>> 16) + (d.l >>> 16) + (e.l >>> 16) + (w0 >>> 16); + var w2 = (a.h & 0xffff) + (b.h & 0xffff) + (c.h & 0xffff) + (d.h & 0xffff) + (e.h & 0xffff) + (w1 >>> 16); + var w3 = (a.h >>> 16) + (b.h >>> 16) + (c.h >>> 16) + (d.h >>> 16) + (e.h >>> 16) + (w2 >>> 16); + dst.l = (w0 & 0xffff) | (w1 << 16); + dst.h = (w2 & 0xffff) | (w3 << 16); +} + From bb8c01d6183069365e49fa7484b9dded6d7e519c Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 5 Jun 2013 21:39:23 +0200 Subject: [PATCH 04/19] add sha512 module --- content/passhash-sha512.js | 497 +++++++++++++++++++++++++++++++++++++ 1 file changed, 497 insertions(+) create mode 100644 content/passhash-sha512.js diff --git a/content/passhash-sha512.js b/content/passhash-sha512.js new file mode 100644 index 0000000..47f7655 --- /dev/null +++ b/content/passhash-sha512.js @@ -0,0 +1,497 @@ +/* + * A JavaScript implementation of the Secure Hash Algorithm, SHA-512, as defined + * in FIPS 180-2 + * Version 2.2 Copyright Anonymous Contributor, Paul Johnston 2000 - 2009. + * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet + * Distributed under the BSD License + * See http://pajhome.org.uk/crypt/md5 for details. + */ + +/* + * Configurable variables. You may need to tweak these to be compatible with + * the server-side, but the defaults work in most cases. + */ +var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */ +var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */ + +/* + * These are the functions you'll usually want to call + * They take string arguments and return either hex or base-64 encoded strings + */ +function hex_sha512(s) { return rstr2hex(rstr_sha512(str2rstr_utf8(s))); } +function b64_sha512(s) { return rstr2b64(rstr_sha512(str2rstr_utf8(s))); } +function any_sha512(s, e) { return rstr2any(rstr_sha512(str2rstr_utf8(s)), e);} +function hex_hmac_sha512(k, d) + { return rstr2hex(rstr_hmac_sha512(str2rstr_utf8(k), str2rstr_utf8(d))); } +function b64_hmac_sha512(k, d) + { return rstr2b64(rstr_hmac_sha512(str2rstr_utf8(k), str2rstr_utf8(d))); } +function any_hmac_sha512(k, d, e) + { return rstr2any(rstr_hmac_sha512(str2rstr_utf8(k), str2rstr_utf8(d)), e);} + +/* + * Perform a simple self-test to see if the VM is working + */ +function sha512_vm_test() +{ + return hex_sha512("abc").toLowerCase() == + "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a" + + "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f"; +} + +/* + * Calculate the SHA-512 of a raw string + */ +function rstr_sha512(s) +{ + return binb2rstr(binb_sha512(rstr2binb(s), s.length * 8)); +} + +/* + * Calculate the HMAC-SHA-512 of a key and some data (raw strings) + */ +function rstr_hmac_sha512(key, data) +{ + var bkey = rstr2binb(key); + if(bkey.length > 32) bkey = binb_sha512(bkey, key.length * 8); + + var ipad = Array(32), opad = Array(32); + for(var i = 0; i < 32; i++) + { + ipad[i] = bkey[i] ^ 0x36363636; + opad[i] = bkey[i] ^ 0x5C5C5C5C; + } + + var hash = binb_sha512(ipad.concat(rstr2binb(data)), 1024 + data.length * 8); + return binb2rstr(binb_sha512(opad.concat(hash), 1024 + 512)); +} + +/* + * Convert a raw string to a hex string + */ +function rstr2hex(input) +{ + try { hexcase } catch(e) { hexcase=0; } + var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; + var output = ""; + var x; + for(var i = 0; i < input.length; i++) + { + x = input.charCodeAt(i); + output += hex_tab.charAt((x >>> 4) & 0x0F) + + hex_tab.charAt( x & 0x0F); + } + return output; +} + +/* + * Convert a raw string to a base-64 string + */ +function rstr2b64(input) +{ + try { b64pad } catch(e) { b64pad=''; } + var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + var output = ""; + var len = input.length; + for(var i = 0; i < len; i += 3) + { + var triplet = (input.charCodeAt(i) << 16) + | (i + 1 < len ? input.charCodeAt(i+1) << 8 : 0) + | (i + 2 < len ? input.charCodeAt(i+2) : 0); + for(var j = 0; j < 4; j++) + { + if(i * 8 + j * 6 > input.length * 8) output += b64pad; + else output += tab.charAt((triplet >>> 6*(3-j)) & 0x3F); + } + } + return output; +} + +/* + * Convert a raw string to an arbitrary string encoding + */ +function rstr2any(input, encoding) +{ + var divisor = encoding.length; + var i, j, q, x, quotient; + + /* Convert to an array of 16-bit big-endian values, forming the dividend */ + var dividend = Array(Math.ceil(input.length / 2)); + for(i = 0; i < dividend.length; i++) + { + dividend[i] = (input.charCodeAt(i * 2) << 8) | input.charCodeAt(i * 2 + 1); + } + + /* + * Repeatedly perform a long division. The binary array forms the dividend, + * the length of the encoding is the divisor. Once computed, the quotient + * forms the dividend for the next step. All remainders are stored for later + * use. + */ + var full_length = Math.ceil(input.length * 8 / + (Math.log(encoding.length) / Math.log(2))); + var remainders = Array(full_length); + for(j = 0; j < full_length; j++) + { + quotient = Array(); + x = 0; + for(i = 0; i < dividend.length; i++) + { + x = (x << 16) + dividend[i]; + q = Math.floor(x / divisor); + x -= q * divisor; + if(quotient.length > 0 || q > 0) + quotient[quotient.length] = q; + } + remainders[j] = x; + dividend = quotient; + } + + /* Convert the remainders to the output string */ + var output = ""; + for(i = remainders.length - 1; i >= 0; i--) + output += encoding.charAt(remainders[i]); + + return output; +} + +/* + * Encode a string as utf-8. + * For efficiency, this assumes the input is valid utf-16. + */ +function str2rstr_utf8(input) +{ + var output = ""; + var i = -1; + var x, y; + + while(++i < input.length) + { + /* Decode utf-16 surrogate pairs */ + x = input.charCodeAt(i); + y = i + 1 < input.length ? input.charCodeAt(i + 1) : 0; + if(0xD800 <= x && x <= 0xDBFF && 0xDC00 <= y && y <= 0xDFFF) + { + x = 0x10000 + ((x & 0x03FF) << 10) + (y & 0x03FF); + i++; + } + + /* Encode output as utf-8 */ + if(x <= 0x7F) + output += String.fromCharCode(x); + else if(x <= 0x7FF) + output += String.fromCharCode(0xC0 | ((x >>> 6 ) & 0x1F), + 0x80 | ( x & 0x3F)); + else if(x <= 0xFFFF) + output += String.fromCharCode(0xE0 | ((x >>> 12) & 0x0F), + 0x80 | ((x >>> 6 ) & 0x3F), + 0x80 | ( x & 0x3F)); + else if(x <= 0x1FFFFF) + output += String.fromCharCode(0xF0 | ((x >>> 18) & 0x07), + 0x80 | ((x >>> 12) & 0x3F), + 0x80 | ((x >>> 6 ) & 0x3F), + 0x80 | ( x & 0x3F)); + } + return output; +} + +/* + * Encode a string as utf-16 + */ +function str2rstr_utf16le(input) +{ + var output = ""; + for(var i = 0; i < input.length; i++) + output += String.fromCharCode( input.charCodeAt(i) & 0xFF, + (input.charCodeAt(i) >>> 8) & 0xFF); + return output; +} + +function str2rstr_utf16be(input) +{ + var output = ""; + for(var i = 0; i < input.length; i++) + output += String.fromCharCode((input.charCodeAt(i) >>> 8) & 0xFF, + input.charCodeAt(i) & 0xFF); + return output; +} + +/* + * Convert a raw string to an array of big-endian words + * Characters >255 have their high-byte silently ignored. + */ +function rstr2binb(input) +{ + var output = Array(input.length >> 2); + for(var i = 0; i < output.length; i++) + output[i] = 0; + for(var i = 0; i < input.length * 8; i += 8) + output[i>>5] |= (input.charCodeAt(i / 8) & 0xFF) << (24 - i % 32); + return output; +} + +/* + * Convert an array of big-endian words to a string + */ +function binb2rstr(input) +{ + var output = ""; + for(var i = 0; i < input.length * 32; i += 8) + output += String.fromCharCode((input[i>>5] >>> (24 - i % 32)) & 0xFF); + return output; +} + +/* + * Calculate the SHA-512 of an array of big-endian dwords, and a bit length + */ +var sha512_k; +function binb_sha512(x, len) +{ + if(sha512_k == undefined) + { + //SHA512 constants + sha512_k = new Array( +new int64(0x428a2f98, -685199838), new int64(0x71374491, 0x23ef65cd), +new int64(-1245643825, -330482897), new int64(-373957723, -2121671748), +new int64(0x3956c25b, -213338824), new int64(0x59f111f1, -1241133031), +new int64(-1841331548, -1357295717), new int64(-1424204075, -630357736), +new int64(-670586216, -1560083902), new int64(0x12835b01, 0x45706fbe), +new int64(0x243185be, 0x4ee4b28c), new int64(0x550c7dc3, -704662302), +new int64(0x72be5d74, -226784913), new int64(-2132889090, 0x3b1696b1), +new int64(-1680079193, 0x25c71235), new int64(-1046744716, -815192428), +new int64(-459576895, -1628353838), new int64(-272742522, 0x384f25e3), +new int64(0xfc19dc6, -1953704523), new int64(0x240ca1cc, 0x77ac9c65), +new int64(0x2de92c6f, 0x592b0275), new int64(0x4a7484aa, 0x6ea6e483), +new int64(0x5cb0a9dc, -1119749164), new int64(0x76f988da, -2096016459), +new int64(-1740746414, -295247957), new int64(-1473132947, 0x2db43210), +new int64(-1341970488, -1728372417), new int64(-1084653625, -1091629340), +new int64(-958395405, 0x3da88fc2), new int64(-710438585, -1828018395), +new int64(0x6ca6351, -536640913), new int64(0x14292967, 0xa0e6e70), +new int64(0x27b70a85, 0x46d22ffc), new int64(0x2e1b2138, 0x5c26c926), +new int64(0x4d2c6dfc, 0x5ac42aed), new int64(0x53380d13, -1651133473), +new int64(0x650a7354, -1951439906), new int64(0x766a0abb, 0x3c77b2a8), +new int64(-2117940946, 0x47edaee6), new int64(-1838011259, 0x1482353b), +new int64(-1564481375, 0x4cf10364), new int64(-1474664885, -1136513023), +new int64(-1035236496, -789014639), new int64(-949202525, 0x654be30), +new int64(-778901479, -688958952), new int64(-694614492, 0x5565a910), +new int64(-200395387, 0x5771202a), new int64(0x106aa070, 0x32bbd1b8), +new int64(0x19a4c116, -1194143544), new int64(0x1e376c08, 0x5141ab53), +new int64(0x2748774c, -544281703), new int64(0x34b0bcb5, -509917016), +new int64(0x391c0cb3, -976659869), new int64(0x4ed8aa4a, -482243893), +new int64(0x5b9cca4f, 0x7763e373), new int64(0x682e6ff3, -692930397), +new int64(0x748f82ee, 0x5defb2fc), new int64(0x78a5636f, 0x43172f60), +new int64(-2067236844, -1578062990), new int64(-1933114872, 0x1a6439ec), +new int64(-1866530822, 0x23631e28), new int64(-1538233109, -561857047), +new int64(-1090935817, -1295615723), new int64(-965641998, -479046869), +new int64(-903397682, -366583396), new int64(-779700025, 0x21c0c207), +new int64(-354779690, -840897762), new int64(-176337025, -294727304), +new int64(0x6f067aa, 0x72176fba), new int64(0xa637dc5, -1563912026), +new int64(0x113f9804, -1090974290), new int64(0x1b710b35, 0x131c471b), +new int64(0x28db77f5, 0x23047d84), new int64(0x32caab7b, 0x40c72493), +new int64(0x3c9ebe0a, 0x15c9bebc), new int64(0x431d67c4, -1676669620), +new int64(0x4cc5d4be, -885112138), new int64(0x597f299c, -60457430), +new int64(0x5fcb6fab, 0x3ad6faec), new int64(0x6c44198c, 0x4a475817)); + } + + //Initial hash values + var H = new Array( +new int64(0x6a09e667, -205731576), +new int64(-1150833019, -2067093701), +new int64(0x3c6ef372, -23791573), +new int64(-1521486534, 0x5f1d36f1), +new int64(0x510e527f, -1377402159), +new int64(-1694144372, 0x2b3e6c1f), +new int64(0x1f83d9ab, -79577749), +new int64(0x5be0cd19, 0x137e2179)); + + var T1 = new int64(0, 0), + T2 = new int64(0, 0), + a = new int64(0,0), + b = new int64(0,0), + c = new int64(0,0), + d = new int64(0,0), + e = new int64(0,0), + f = new int64(0,0), + g = new int64(0,0), + h = new int64(0,0), + //Temporary variables not specified by the document + s0 = new int64(0, 0), + s1 = new int64(0, 0), + Ch = new int64(0, 0), + Maj = new int64(0, 0), + r1 = new int64(0, 0), + r2 = new int64(0, 0), + r3 = new int64(0, 0); + var j, i; + var W = new Array(80); + for(i=0; i<80; i++) + W[i] = new int64(0, 0); + + // append padding to the source string. The format is described in the FIPS. + x[len >> 5] |= 0x80 << (24 - (len & 0x1f)); + x[((len + 128 >> 10)<< 5) + 31] = len; + + for(i = 0; i=32 +//The function revrrot() is for that +function int64rrot(dst, x, shift) +{ + dst.l = (x.l >>> shift) | (x.h << (32-shift)); + dst.h = (x.h >>> shift) | (x.l << (32-shift)); +} + +//Reverses the dwords of the source and then rotates right by shift. +//This is equivalent to rotation by 32+shift +function int64revrrot(dst, x, shift) +{ + dst.l = (x.h >>> shift) | (x.l << (32-shift)); + dst.h = (x.l >>> shift) | (x.h << (32-shift)); +} + +//Bitwise-shifts right a 64-bit number by shift +//Won't handle shift>=32, but it's never needed in SHA512 +function int64shr(dst, x, shift) +{ + dst.l = (x.l >>> shift) | (x.h << (32-shift)); + dst.h = (x.h >>> shift); +} + +//Adds two 64-bit numbers +//Like the original implementation, does not rely on 32-bit operations +function int64add(dst, x, y) +{ + var w0 = (x.l & 0xffff) + (y.l & 0xffff); + var w1 = (x.l >>> 16) + (y.l >>> 16) + (w0 >>> 16); + var w2 = (x.h & 0xffff) + (y.h & 0xffff) + (w1 >>> 16); + var w3 = (x.h >>> 16) + (y.h >>> 16) + (w2 >>> 16); + dst.l = (w0 & 0xffff) | (w1 << 16); + dst.h = (w2 & 0xffff) | (w3 << 16); +} + +//Same, except with 4 addends. Works faster than adding them one by one. +function int64add4(dst, a, b, c, d) +{ + var w0 = (a.l & 0xffff) + (b.l & 0xffff) + (c.l & 0xffff) + (d.l & 0xffff); + var w1 = (a.l >>> 16) + (b.l >>> 16) + (c.l >>> 16) + (d.l >>> 16) + (w0 >>> 16); + var w2 = (a.h & 0xffff) + (b.h & 0xffff) + (c.h & 0xffff) + (d.h & 0xffff) + (w1 >>> 16); + var w3 = (a.h >>> 16) + (b.h >>> 16) + (c.h >>> 16) + (d.h >>> 16) + (w2 >>> 16); + dst.l = (w0 & 0xffff) | (w1 << 16); + dst.h = (w2 & 0xffff) | (w3 << 16); +} + +//Same, except with 5 addends +function int64add5(dst, a, b, c, d, e) +{ + var w0 = (a.l & 0xffff) + (b.l & 0xffff) + (c.l & 0xffff) + (d.l & 0xffff) + (e.l & 0xffff); + var w1 = (a.l >>> 16) + (b.l >>> 16) + (c.l >>> 16) + (d.l >>> 16) + (e.l >>> 16) + (w0 >>> 16); + var w2 = (a.h & 0xffff) + (b.h & 0xffff) + (c.h & 0xffff) + (d.h & 0xffff) + (e.h & 0xffff) + (w1 >>> 16); + var w3 = (a.h >>> 16) + (b.h >>> 16) + (c.h >>> 16) + (d.h >>> 16) + (e.h >>> 16) + (w2 >>> 16); + dst.l = (w0 & 0xffff) | (w1 << 16); + dst.h = (w2 & 0xffff) | (w3 << 16); +} + From 53c262e341ce2bbd9472422ab415bc55a82978ae Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 5 Jun 2013 21:42:22 +0200 Subject: [PATCH 05/19] add nodejs commandline tool, support sha512 in GenerateHashWord --- content/passhash-common.js | 12 +++++++++--- content/passhash-sha1.js | 3 +++ content/passhash-sha512.js | 2 ++ tools/passhash | 25 +++++++++++++++++++++++++ 4 files changed, 39 insertions(+), 3 deletions(-) create mode 100755 tools/passhash diff --git a/content/passhash-common.js b/content/passhash-common.js index 5e13c61..274f03b 100644 --- a/content/passhash-common.js +++ b/content/passhash-common.js @@ -303,10 +303,14 @@ var PassHashCommon = requirePunctuation, requireMixedCase, restrictSpecial, - restrictDigits) + restrictDigits, + hash_algorithm) { - // Start with the SHA1-encrypted master key/site tag. - var s = b64_hmac_sha1(masterKey, siteTag); + // Start with the SHA-encrypted master key/site tag. + if (hash_algorithm === "sha512") + var s = b64_hmac_sha512(masterKey, siteTag); + else + var s = b64_hmac_sha1(masterKey, siteTag); // Use the checksum of all characters as a pseudo-randomizing seed to // avoid making the injected characters easy to guess. Note that it // isn't random in the sense of not being deterministic (i.e. @@ -789,3 +793,5 @@ var PassHashCommon = //NB: Make sure not to add a comma after the last function for older IE compatibility. } + +exports.PassHashCommon = PassHashCommon; \ No newline at end of file diff --git a/content/passhash-sha1.js b/content/passhash-sha1.js index 443eac7..999af3c 100644 --- a/content/passhash-sha1.js +++ b/content/passhash-sha1.js @@ -223,3 +223,6 @@ function binb2b64(binarray) } return str; } + +if (exports !== null) + exports.b64_hmac_sha1 = b64_hmac_sha1; \ No newline at end of file diff --git a/content/passhash-sha512.js b/content/passhash-sha512.js index 47f7655..c38cfda 100644 --- a/content/passhash-sha512.js +++ b/content/passhash-sha512.js @@ -495,3 +495,5 @@ function int64add5(dst, a, b, c, d, e) dst.h = (w2 & 0xffff) | (w3 << 16); } +if (exports !== null) + exports.b64_hmac_sha512 = b64_hmac_sha512; \ No newline at end of file diff --git a/tools/passhash b/tools/passhash new file mode 100755 index 0000000..8e0252e --- /dev/null +++ b/tools/passhash @@ -0,0 +1,25 @@ +#!/usr/bin/node + +// import b64_hmac_sha{512,1} global to avoid having to import it in +// passhash-common.js +b64_hmac_sha512 = require('../content/passhash-sha512.js').b64_hmac_sha512; +b64_hmac_sha1 = require('../content/passhash-sha1.js').b64_hmac_sha1; +// normal import +var passhash = require('../content/passhash-common.js'); + +var site = process.argv[2] || "example-site"; +var master = process.argv[3] || "example-master-pass"; +var sha_algorithm = process.argv[4] || "sha1"; +console.log("using site='%s' master='%s' algorithm='%s'\n", + site, master, sha_algorithm); +var pw = passhash.PassHashCommon.generateHashWord( + site, + "master", + 14, + true, + true, + true, + false, + false, + sha_algorithm); +console.log(pw); From 46bb1524b28670848ea34b9c4f3cc7b2d4803d49 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 5 Jun 2013 21:50:21 +0200 Subject: [PATCH 06/19] bump version, include sha512 --- content/passhash-dialog.xul | 4 ++++ content/passhash-portable.html | 4 ++++ install.rdf | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/content/passhash-dialog.xul b/content/passhash-dialog.xul index 104f966..3ec00de 100644 --- a/content/passhash-dialog.xul +++ b/content/passhash-dialog.xul @@ -28,6 +28,10 @@ src="passhash-sha1.js" /> + + + diff --git a/install.rdf b/install.rdf index dd9293c..d505d01 100644 --- a/install.rdf +++ b/install.rdf @@ -5,7 +5,7 @@ Date: Thu, 6 Jun 2013 06:34:54 +0200 Subject: [PATCH 07/19] add support to store HashAlgorithm --- content/passhash-common.js | 4 ++++ content/passhash-dialog.js | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/content/passhash-common.js b/content/passhash-common.js index 274f03b..4e9d67e 100644 --- a/content/passhash-common.js +++ b/content/passhash-common.js @@ -83,6 +83,8 @@ var PassHashCommon = opts.hashWordSizeDefault = prefs.getIntPref("optHashWordSizeDefault"); if (prefs.prefHasUserValue("optShortcutKeyCode")) opts.shortcutKeyCode = prefs.getCharPref("optShortcutKeyCode"); + if (prefs.prefHasUserValue("optHashAlgorithm")) + opts.hashAlgorithm = prefs.getCharPref("optHashAlgorithm"); if (!opts.shortcutKeyCode) { // Set shortcut key to XUL-defined default. @@ -130,6 +132,7 @@ var PassHashCommon = opts.firstTime = true; opts.shortcutKeyCode = ""; opts.shortcutKeyMods = ""; + opts.hashAlgorithm = "sha1"; return opts; }, @@ -152,6 +155,7 @@ var PassHashCommon = prefs.setIntPref( "optHashWordSizeDefault", opts.hashWordSizeDefault); prefs.setCharPref("optShortcutKeyCode", opts.shortcutKeyCode); prefs.setCharPref("optShortcutKeyMods", opts.shortcutKeyMods); + prefs.setCharPref("optHashAlgorithm", opts.hashAlgorithm); }, loadSecureValue: function(option, name, suffix, valueDefault) diff --git a/content/passhash-dialog.js b/content/passhash-dialog.js index ae00017..18713b2 100644 --- a/content/passhash-dialog.js +++ b/content/passhash-dialog.js @@ -78,6 +78,7 @@ var PassHash = this.restrictSpecial = false; this.restrictDigits = false; this.hashWordSize = prefs.hashWordSizeDefault; + this.hashAlgorithm = prefs.hashAlgorithm; this.onUnmask(); @@ -251,7 +252,8 @@ var PassHash = this.requirePunctuation, this.requireMixedCase, this.restrictSpecial, - this.restrictDigits); + this.restrictDigits, + this.hashAlgorithm); if (ctlHashWord.value != hashWordOrig) return 3; // It was modified return 0; // It was not modified From 559e6c06e79c594d140c3a51e0e23ada98efdc12 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 6 Jun 2013 06:53:17 +0200 Subject: [PATCH 08/19] add mocha based tests --- .gitignore | 5 +++++ README.test | 6 ++++++ REQUIREMENTS | 2 ++ content/passhash-common.js | 2 +- tests/Makefile | 6 ++++++ tests/test_passhash.js | 26 ++++++++++++++++++++++++++ 6 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 .gitignore create mode 100644 README.test create mode 100644 REQUIREMENTS create mode 100644 tests/Makefile create mode 100644 tests/test_passhash.js diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..126fc4a --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +*~ +*.xpi +.build +.build-mozilla +node_modules \ No newline at end of file diff --git a/README.test b/README.test new file mode 100644 index 0000000..c1a62f2 --- /dev/null +++ b/README.test @@ -0,0 +1,6 @@ +To run the unit-tests do: +$ npm install moncha + +then +$ (cd tests; make) + diff --git a/REQUIREMENTS b/REQUIREMENTS new file mode 100644 index 0000000..ef2eb27 --- /dev/null +++ b/REQUIREMENTS @@ -0,0 +1,2 @@ +mocha +nodeunit diff --git a/content/passhash-common.js b/content/passhash-common.js index 4e9d67e..173570a 100644 --- a/content/passhash-common.js +++ b/content/passhash-common.js @@ -798,4 +798,4 @@ var PassHashCommon = //NB: Make sure not to add a comma after the last function for older IE compatibility. } -exports.PassHashCommon = PassHashCommon; \ No newline at end of file +exports.PassHashCommon = PassHashCommon; diff --git a/tests/Makefile b/tests/Makefile new file mode 100644 index 0000000..65a0cc0 --- /dev/null +++ b/tests/Makefile @@ -0,0 +1,6 @@ + +all: js + +js: test*.js + nodejs ../node_modules/.bin/mocha -u tdd $? + diff --git a/tests/test_passhash.js b/tests/test_passhash.js new file mode 100644 index 0000000..e973d67 --- /dev/null +++ b/tests/test_passhash.js @@ -0,0 +1,26 @@ +#!/usr/bin/node + +var assert = require('assert'); +var PassHashCommon = require('../content/passhash-common.js'); + +// global +b64_hmac_sha1 = require("../content/passhash-sha1.js").b64_hmac_sha1; +b64_hmac_sha512 = require("../content/passhash-sha512.js").b64_hmac_sha512; + + +suite('PassHashCommon', function() { + + test('generateHashWord sha1', function() { + var hash = PassHashCommon.PassHashCommon.generateHashWord( + 'site', 'master', 14, true, true, true, false, false, 'sha1'); + assert.equal(hash, ',n/pRqqn4rwKvb'); + }); + + test('generateHashWord sha512', function() { + var hash = PassHashCommon.PassHashCommon.generateHashWord( + 'site', 'master', 14, true, true, true, false, false, 'sha512'); + assert.equal(hash, 'xvOxv4L!fxqBFD'); + }); + +}); + From 5f668911ac8797dfe3aa51b750bb7cfddaa235ed Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 6 Jun 2013 07:01:26 +0200 Subject: [PATCH 09/19] add test for the option string/read write --- content/passhash-common.js | 3 ++- content/passhash-dialog.js | 3 +++ tests/test_passhash.js | 32 +++++++++++++++++++++++++++++--- 3 files changed, 34 insertions(+), 4 deletions(-) diff --git a/content/passhash-common.js b/content/passhash-common.js index 173570a..7ed7a99 100644 --- a/content/passhash-common.js +++ b/content/passhash-common.js @@ -798,4 +798,5 @@ var PassHashCommon = //NB: Make sure not to add a comma after the last function for older IE compatibility. } -exports.PassHashCommon = PassHashCommon; +if (exports !== null) + exports.PassHashCommon = PassHashCommon; diff --git a/content/passhash-dialog.js b/content/passhash-dialog.js index 18713b2..938449d 100644 --- a/content/passhash-dialog.js +++ b/content/passhash-dialog.js @@ -361,3 +361,6 @@ var PassHash = } } + +if (exports !== null) + exports.PassHashDialog = PassHash; diff --git a/tests/test_passhash.js b/tests/test_passhash.js index e973d67..cbb6d16 100644 --- a/tests/test_passhash.js +++ b/tests/test_passhash.js @@ -1,7 +1,8 @@ #!/usr/bin/node var assert = require('assert'); -var PassHashCommon = require('../content/passhash-common.js'); +var PassHashCommon = require('../content/passhash-common.js').PassHashCommon; +var PassHashDialog = require('../content/passhash-dialog.js').PassHashDialog; // global b64_hmac_sha1 = require("../content/passhash-sha1.js").b64_hmac_sha1; @@ -11,16 +12,41 @@ b64_hmac_sha512 = require("../content/passhash-sha512.js").b64_hmac_sha512; suite('PassHashCommon', function() { test('generateHashWord sha1', function() { - var hash = PassHashCommon.PassHashCommon.generateHashWord( + var hash = PassHashCommon.generateHashWord( 'site', 'master', 14, true, true, true, false, false, 'sha1'); assert.equal(hash, ',n/pRqqn4rwKvb'); }); test('generateHashWord sha512', function() { - var hash = PassHashCommon.PassHashCommon.generateHashWord( + var hash = PassHashCommon.generateHashWord( 'site', 'master', 14, true, true, true, false, false, 'sha512'); assert.equal(hash, 'xvOxv4L!fxqBFD'); }); }); +suite('PassHashDialog', function() { + + test('getOptionString', function() { + PassHashDialog.requireDigit = true; + PassHashDialog.requirePunctuation = true; + PassHashDialog.requireMixedCase = true; + PassHashDialog.restrictSpecial = false; + PassHashDialog.restrictDigits = false; + PassHashDialog.hashWordSize = 10; + + var optStr = PassHashDialog.getOptionString() + assert.equal(optStr, "dpm10"); + }); + + test('parseOptionString', function() { + PassHashDialog.parseOptionString("dpr12"); + assert.equal(PassHashDialog.requireDigit, true); + assert.equal(PassHashDialog.requirePunctuation, true); + assert.equal(PassHashDialog.requireMixedCase, false); + assert.equal(PassHashDialog.restrictSpecial, true); + assert.equal(PassHashDialog.restrictDigits, false); + assert.equal(PassHashDialog.hashWordSize, 12); + }); + +}); From 5080ae48e1089680dfc305e18ace39a0c1ce92b2 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 6 Jun 2013 07:09:40 +0200 Subject: [PATCH 10/19] add support to encode hash algorithm in the options string --- content/passhash-dialog.js | 7 ++++++- tests/test_passhash.js | 24 ++++++++++++++++++++---- 2 files changed, 26 insertions(+), 5 deletions(-) diff --git a/content/passhash-dialog.js b/content/passhash-dialog.js index 938449d..7195d50 100644 --- a/content/passhash-dialog.js +++ b/content/passhash-dialog.js @@ -330,8 +330,11 @@ var PassHash = return true; }, - parseOptionString: function(s) + parseOptionString: function(full_options) { + var s = full_options.split("/")[0]; + this.hashAlgorithm = full_options.split("/")[1] || "sha1"; + this.requireDigit = (s.search(/d/i) >= 0); this.requirePunctuation = (s.search(/p/i) >= 0); this.requireMixedCase = (s.search(/m/i) >= 0); @@ -357,6 +360,8 @@ var PassHash = if (this.restrictDigits) opts += 'g'; opts += this.hashWordSize.toString(); + if (this.hashAlgorithm) + opts += "/"+this.hashAlgorihtm; return opts; } diff --git a/tests/test_passhash.js b/tests/test_passhash.js index cbb6d16..50b8cdc 100644 --- a/tests/test_passhash.js +++ b/tests/test_passhash.js @@ -27,16 +27,18 @@ suite('PassHashCommon', function() { suite('PassHashDialog', function() { - test('getOptionString', function() { + setup(function() { PassHashDialog.requireDigit = true; PassHashDialog.requirePunctuation = true; PassHashDialog.requireMixedCase = true; PassHashDialog.restrictSpecial = false; PassHashDialog.restrictDigits = false; - PassHashDialog.hashWordSize = 10; - + PassHashDialog.hashWordSize = 8; + }); + + test('getOptionString', function() { var optStr = PassHashDialog.getOptionString() - assert.equal(optStr, "dpm10"); + assert.equal(optStr, "dpm8"); }); test('parseOptionString', function() { @@ -47,6 +49,20 @@ suite('PassHashDialog', function() { assert.equal(PassHashDialog.restrictSpecial, true); assert.equal(PassHashDialog.restrictDigits, false); assert.equal(PassHashDialog.hashWordSize, 12); + assert.equal(PassHashDialog.hashAlgorithm, "sha1"); }); + test('parseOptionString sha512', function() { + PassHashDialog.parseOptionString("dpr12/sha512"); + assert.equal(PassHashDialog.hashAlgorithm, "sha512"); + }); + + test('getOptionString sha512', function() { + PassHashDialog.hashAlgorihtm = "sha512"; + var options_string = PassHashDialog.getOptionString(); + assert.equal(options_string, "dpm8/sha512"); + + }); + + }); From 79a83d47eb8dfa1f4101dad658d0bb6d34648a17 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 6 Jun 2013 22:20:56 +0200 Subject: [PATCH 11/19] use typeof instead of trying to access the variable directly --- content/passhash-common.js | 2 +- content/passhash-sha1.js | 2 +- content/passhash-sha512.js | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/content/passhash-common.js b/content/passhash-common.js index 7ed7a99..19a2935 100644 --- a/content/passhash-common.js +++ b/content/passhash-common.js @@ -798,5 +798,5 @@ var PassHashCommon = //NB: Make sure not to add a comma after the last function for older IE compatibility. } -if (exports !== null) +if (typeof exports !== 'undefined') exports.PassHashCommon = PassHashCommon; diff --git a/content/passhash-sha1.js b/content/passhash-sha1.js index 999af3c..7166eed 100644 --- a/content/passhash-sha1.js +++ b/content/passhash-sha1.js @@ -224,5 +224,5 @@ function binb2b64(binarray) return str; } -if (exports !== null) +if (typeof exports !== 'undefined') exports.b64_hmac_sha1 = b64_hmac_sha1; \ No newline at end of file diff --git a/content/passhash-sha512.js b/content/passhash-sha512.js index c38cfda..40e0b55 100644 --- a/content/passhash-sha512.js +++ b/content/passhash-sha512.js @@ -495,5 +495,5 @@ function int64add5(dst, a, b, c, d, e) dst.h = (w2 & 0xffff) | (w3 << 16); } -if (exports !== null) +if (typeof exports !== 'undefined') exports.b64_hmac_sha512 = b64_hmac_sha512; \ No newline at end of file From ddaed530290cb6583b2f9ec9b0f362d3a181f246 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 6 Jun 2013 22:21:18 +0200 Subject: [PATCH 12/19] add UI for the hash algorithm --- content/passhash-dialog.js | 22 ++++++++++++++++++++-- content/passhash-dialog.xul | 18 ++++++++++++++++++ 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/content/passhash-dialog.js b/content/passhash-dialog.js index 7195d50..b705b74 100644 --- a/content/passhash-dialog.js +++ b/content/passhash-dialog.js @@ -53,6 +53,7 @@ var PassHash = restrictSpecial: null, restrictDigits: null, hashWordSize: null, + hashAlgorithm: null, onLoad: function() { @@ -64,6 +65,7 @@ var PassHash = var ctlRestrictSpecial = document.getElementById("noSpecial"); var ctlRestrictDigits = document.getElementById("digitsOnly"); var ctlHashWordSize = document.getElementById("hashWordSize"); + var ctlHashAlgorithm = document.getElementById("hashAlgorithm"); var prefs = PassHashCommon.loadOptions(); this.guessSiteTag = prefs.guessSiteTag; @@ -115,6 +117,15 @@ var PassHash = ctlRestrictDigits.checked = this.restrictDigits; this.updateCheckboxes(); + var menulist = document.getElementById("hashAlgorithm"); + for (var i=0;menulist.getItemAtIndex(i) !== null; i++) { + var menuitem = menulist.getItemAtIndex(i); + if (menuitem.value === this.hashAlgorithm) { + menulist.selectedItem = menuitem; + break; + } + } + var btn = document.getElementById("hashWordSize"+this.hashWordSize); // Protect against bad saved hashWordSize value. if (btn == null) @@ -295,6 +306,13 @@ var PassHash = this.update(); }, + onHashAlgorithmChanged: function() + { + var menuitem = document.getElementById("hashAlgorithm").selectedItem; + this.hashAlgorithm = menuitem.value; + this.update(); + }, + updateCheckboxes: function() { document.getElementById("digit").disabled = @@ -361,11 +379,11 @@ var PassHash = opts += 'g'; opts += this.hashWordSize.toString(); if (this.hashAlgorithm) - opts += "/"+this.hashAlgorihtm; + opts += "/"+this.hashAlgorithm; return opts; } } -if (exports !== null) +if (typeof exports !== 'undefined') exports.PassHashDialog = PassHash; diff --git a/content/passhash-dialog.xul b/content/passhash-dialog.xul index 3ec00de..6b4eb18 100644 --- a/content/passhash-dialog.xul +++ b/content/passhash-dialog.xul @@ -234,6 +234,23 @@ + + + + + + + + + + + + Date: Mon, 8 Jul 2013 16:45:06 +0200 Subject: [PATCH 13/19] add sha512crypt to the supported algorithms --- .gitmodules | 3 + content/passhash-common.js | 6 +- content/passhash-dialog.xul | 7 +- content/passhash-portable.html | 6 +- content/passhash-sha512.js | 504 +-------------------------------- content/sha512crypt | 1 + install.rdf | 2 +- tests/test_passhash.js | 18 +- tools/passhash | 5 +- 9 files changed, 51 insertions(+), 501 deletions(-) create mode 100644 .gitmodules create mode 160000 content/sha512crypt diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..6dfa364 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "content/sha512crypt"] + path = content/sha512crypt + url = git://github.com/mvo5/sha512crypt-node diff --git a/content/passhash-common.js b/content/passhash-common.js index 19a2935..5dbff10 100644 --- a/content/passhash-common.js +++ b/content/passhash-common.js @@ -132,7 +132,7 @@ var PassHashCommon = opts.firstTime = true; opts.shortcutKeyCode = ""; opts.shortcutKeyMods = ""; - opts.hashAlgorithm = "sha1"; + opts.hashAlgorithm = "sha512crypt"; return opts; }, @@ -311,7 +311,9 @@ var PassHashCommon = hash_algorithm) { // Start with the SHA-encrypted master key/site tag. - if (hash_algorithm === "sha512") + if (hash_algorithm === "sha512crypt") + var s = b64_crypt_sha512(masterKey, siteTag); + else if (hash_algorithm === "sha512") var s = b64_hmac_sha512(masterKey, siteTag); else var s = b64_hmac_sha1(masterKey, siteTag); diff --git a/content/passhash-dialog.xul b/content/passhash-dialog.xul index 6b4eb18..e31231f 100644 --- a/content/passhash-dialog.xul +++ b/content/passhash-dialog.xul @@ -29,7 +29,11 @@ /> + +