Change protocol version (3 -> 4) in CLI : PKDBF2 is renamed in PBKDF2

This commit is contained in:
Grégory Soutadé 2017-04-17 20:39:53 +02:00
parent 65ca3a3d3d
commit 1d71ca6861
3 changed files with 20 additions and 16 deletions

View File

@ -4,6 +4,7 @@ LDFLAGS= -lcrypto -lcurl
TARGET=gpass_cli TARGET=gpass_cli
SRCS=main.c ini.c SRCS=main.c ini.c
all: $(TARGET)
$(TARGET): $(SRCS) $(TARGET): $(SRCS)
$(CC) $(CFLAGS) $^ -o $@ $(LDFLAGS) $(CC) $(CFLAGS) $^ -o $@ $(LDFLAGS)

View File

@ -1,6 +1,6 @@
[params] [params]
# ca_path=./ca_path/ca_authority.pem # ca_path=./ca_path/ca_authority.pem
# server=https://demo-gpass.soutade.fr/demo # server=https://demo-gpass.soutade.fr/demo
# pkdbf2_level=1000 # pbkdf2_level=1000
# server_port=443 # server_port=443
# verify_ssl_peer=1 # verify_ssl_peer=1

View File

@ -31,16 +31,16 @@
#define DEFAULT_CONFIG_FILE ".local/share/gpass/gpass.ini" #define DEFAULT_CONFIG_FILE ".local/share/gpass/gpass.ini"
#define DEFAULT_PKDBF2_LEVEL 1000 #define DEFAULT_PBKDF2_LEVEL 1000
#define MASTER_KEY_LENGTH (256/8) #define MASTER_KEY_LENGTH (256/8)
#define BLOCK_SIZE (128/8) #define BLOCK_SIZE (128/8)
#define DEFAULT_SERVER_PORT 443 #define DEFAULT_SERVER_PORT 443
#define SERVER_PROTOCOL 3 #define SERVER_PROTOCOL 4
#define RESPONSE_SIZE 2048 #define RESPONSE_SIZE 2048
#define MAX_SUBDOMAINS 10 #define MAX_SUBDOMAINS 10
struct gpass_parameters { struct gpass_parameters {
unsigned pkdbf2_level; unsigned pbkdf2_level;
char *server; char *server;
char *salt; char *salt;
char *domain; char *domain;
@ -61,7 +61,7 @@ static void derive_master_key(struct gpass_parameters* params)
PKCS5_PBKDF2_HMAC(params->orig_master_key, strlen(params->orig_master_key), PKCS5_PBKDF2_HMAC(params->orig_master_key, strlen(params->orig_master_key),
(unsigned char*)params->salt, strlen(params->salt), (unsigned char*)params->salt, strlen(params->salt),
params->pkdbf2_level, EVP_sha256(), params->pbkdf2_level, EVP_sha256(),
MASTER_KEY_LENGTH, params->derived_master_key); MASTER_KEY_LENGTH, params->derived_master_key);
} }
@ -191,7 +191,7 @@ static char* wildcard_domain(char* domain)
} }
// Too much levels // Too much levels
if (cur_level == MAX_SUBDOMAINS) if (cur_level >= MAX_SUBDOMAINS)
{ {
fprintf(stderr, "Error: Too much levels for domain %s\n", domain); fprintf(stderr, "Error: Too much levels for domain %s\n", domain);
return NULL; return NULL;
@ -251,6 +251,9 @@ static int ask_server(struct gpass_parameters* params)
char response[RESPONSE_SIZE]; char response[RESPONSE_SIZE];
unsigned char password[256]; unsigned char password[256];
if (params->verbose)
printf("Username: %s\n", params->username);
encrypt_domain(params, params->domain, &enc_domain, &enc_size); encrypt_domain(params, params->domain, &enc_domain, &enc_size);
append_to_request(&request, (char*)enc_domain); append_to_request(&request, (char*)enc_domain);
free(enc_domain); free(enc_domain);
@ -339,13 +342,13 @@ static int ask_server(struct gpass_parameters* params)
ret = 0; ret = 0;
goto end; goto end;
} }
else if (!STRNCMP(token, "pkdbf2_level")) else if (!STRNCMP(token, "pbkdf2_level"))
{ {
cur_ptr += sizeof("pkdbf2_level"); // includes "=" cur_ptr += sizeof("pbkdf2_level"); // includes "="
if (atoi(cur_ptr) != params->pkdbf2_level) if (atoi(cur_ptr) != params->pbkdf2_level)
{ {
params->pkdbf2_level = atoi(cur_ptr); params->pbkdf2_level = atoi(cur_ptr);
ret = 1; ret = 1;
break; break;
} }
@ -370,7 +373,7 @@ end:
static void init_parameters(struct gpass_parameters* params) static void init_parameters(struct gpass_parameters* params)
{ {
memset (params, 0, sizeof(*params)); memset (params, 0, sizeof(*params));
params->pkdbf2_level = DEFAULT_PKDBF2_LEVEL; params->pbkdf2_level = DEFAULT_PBKDF2_LEVEL;
params->server_port = DEFAULT_SERVER_PORT; params->server_port = DEFAULT_SERVER_PORT;
params->verify_ssl_peer = 1; params->verify_ssl_peer = 1;
} }
@ -419,8 +422,8 @@ static int gpass_ini_handler(void* user, const char* section,
if (params->ca_path) free(params->ca_path); if (params->ca_path) free(params->ca_path);
params->ca_path = strdup(value); params->ca_path = strdup(value);
} }
else if (!STRNCMP(name, "pkdbf2_level")) else if (!STRNCMP(name, "pbkdf2_level"))
params->pkdbf2_level = atoi(value); params->pbkdf2_level = atoi(value);
else if (!STRNCMP(name, "verify_ssl_peer")) else if (!STRNCMP(name, "verify_ssl_peer"))
params->verify_ssl_peer = atoi(value); params->verify_ssl_peer = atoi(value);
else if (!STRNCMP(name, "server_port")) else if (!STRNCMP(name, "server_port"))
@ -441,7 +444,7 @@ static int gpass_ini_handler(void* user, const char* section,
static void usage(char* program_name) static void usage(char* program_name)
{ {
fprintf(stderr, "Usage: %s [-f config_file] [-p server_port] [-c CA_certificate_path] [-l PKDBF2_level] [-s gpass_server] [-v] -d domain -u username\n", fprintf(stderr, "Usage: %s [-f config_file] [-p server_port] [-c CA_certificate_path] [-l PBKDF2_level] [-s gpass_server] [-v] -d domain -u username\n",
program_name); program_name);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
@ -483,7 +486,7 @@ int main(int argc, char** argv)
ini_parse(optarg, gpass_ini_handler, &params); ini_parse(optarg, gpass_ini_handler, &params);
break; break;
case 'l': case 'l':
params.pkdbf2_level = atoi(optarg); params.pbkdf2_level = atoi(optarg);
break; break;
case 'n': case 'n':
params.verify_ssl_peer = 0; params.verify_ssl_peer = 0;