Ticket #8173: patch_master_password.2.patch
File patch_master_password.2.patch, 24.3 KB (added by , 11 years ago) |
---|
-
data/Makefile.am
36 36 rm -f $@ 37 37 touch test_libtool_exedir.c 38 38 $(CC) -c -o test_libtool_exedir.o test_libtool_exedir.c 39 echo "Pouet1" 39 40 exedir=`$(LIBTOOL) -n --mode=link $(CC) -o test_libtool_exedir$(EXEEXT) test_libtool_exedir.o`; \ 40 41 if echo "$$exedir" | grep -- '-o \.libs' > /dev/null; then \ 41 42 echo "!define LT_EXEDIR \".libs\\\"" > libtoolexecutablesubdir.nsh; \ -
configure.in
159 159 #include <sys/types.h> 160 160 #include <utmp.h>]) 161 161 162 163 # -------------- Start of @td ---------------- 164 165 # AC_CHECK_HEADERS([cryptlib.h osrng.h sha.h aes.h hex.h integer.h pwdbased.h modes.h], 166 # [cryptopp_found_headers=yes; break;]) 167 168 169 # Check for Crypto++ 170 AM_OPTIONS_CRYPTO 171 172 CHECK_CRYPTO(5.1) 173 174 CXXFLAGS="$CXXFLAGS $CRYPTO_PP_CXXFLAGS" 175 LDFLAGS="$LDFLAGS $CRYPTO_PP_LDFLAGS" 176 CRYPTOLIBS="-l$CRYPTO_PP_LIB_NAME" 177 178 case "$CRYPTO_PP_STYLE" in 179 gentoo_debian | installed | sources) 180 ;; 181 *) AC_MSG_ERROR([ 182 WARNING: crypto++ >= $min_crypto_version is not found. 183 Please check that cryptopp-headers are in your default include path, 184 check out LD_LIBRARY_PATH or equivalent variable. 185 Or this might also be that your cryptopp is installed on other path. 186 Please try again with --with-crypto-prefix=/my_crypto_prefix 187 (replace /my_crypto_prefix with a valid path to your crypto directory). 188 To download the latest version check http://www.cryptopp.com for sources. 189 ]) 190 ;; 191 esac 192 193 AC_SUBST(CRYPTOLIBS) 194 195 # AS_IF([test "x$cryptopp_found_headers" != "xyes"], 196 # [AC_MSG_ERROR([Unable to find the Crypto++ library headers])]) 197 198 # ----------------- End of @td ----------------- 199 162 200 AC_SEARCH_LIBS([socket], [xnet]) 163 201 AC_SEARCH_LIBS([getaddrinfo], [xnet]) 164 202 AC_SEARCH_LIBS([in6addr_loopback], [socket]) -
src/interface/Options.cpp
177 177 { "Toolbar hidden", number, _T("0"), normal }, 178 178 { "Strip VMS revisions", number, _T("0"), normal }, 179 179 { "Show Site Manager on startup", number, _T("0"), normal }, 180 181 182 { "Use password encryption", number, _T("0"), normal }, 183 { "Master password", string, _T(""), normal }, 184 { "Encryption iterations", number, _T("0"), normal }, 185 180 186 181 187 // Default/internal options 182 188 { "Config Location", string, _T(""), default_only }, -
src/interface/xmlfunctions.cpp
594 594 if ((long)NORMAL == logonType || (long)ACCOUNT == logonType) 595 595 pass = GetTextElement(node, "Pass"); 596 596 597 if (!server.SetUser(user, pass ))597 if (!server.SetUser(user, pass, true)) 598 598 return false; 599 599 600 600 if ((long)ACCOUNT == logonType) … … 697 697 logonType = ASK; 698 698 else 699 699 { 700 AddTextElement(node, "Pass", server.GetPass( ));700 AddTextElement(node, "Pass", server.GetPass(false)); 701 701 702 702 if (server.GetLogonType() == ACCOUNT) 703 703 AddTextElement(node, "Account", server.GetAccount()); -
src/interface/settings/optionspage_interface.h
9 9 virtual bool SavePage(); 10 10 virtual bool Validate(); 11 11 12 13 void SetCtrlState(); 14 15 void OnEncryptPasswordsChanged(wxCommandEvent& event); 16 17 12 18 DECLARE_EVENT_TABLE(); 13 19 void OnLayoutChange(wxCommandEvent& event); 14 20 }; -
src/interface/settings/optionspage_interface.cpp
6 6 #include "../Mainfrm.h" 7 7 #include "../power_management.h" 8 8 9 10 #define DEFAULTVALUE "" 11 #include "../engine/crypto.h" 12 #include "xmlfunctions.h" 13 #include "../interface/ipcmutex.h" 14 15 16 9 17 BEGIN_EVENT_TABLE(COptionsPageInterface, COptionsPage) 10 18 EVT_CHECKBOX(XRCID("ID_FILEPANESWAP"), COptionsPageInterface::OnLayoutChange) 19 20 EVT_CHECKBOX(XRCID("ID_ENCRYPT_PASSWORDS"), COptionsPageInterface::OnEncryptPasswordsChanged) 21 11 22 EVT_CHOICE(XRCID("ID_FILEPANELAYOUT"), COptionsPageInterface::OnLayoutChange) 12 23 EVT_CHOICE(XRCID("ID_MESSAGELOGPOS"), COptionsPageInterface::OnLayoutChange) 13 24 END_EVENT_TABLE() … … 41 52 SetCheckFromOption(XRCID("ID_DONT_SAVE_PASSWORDS"), OPTION_DEFAULT_KIOSKMODE, failure); 42 53 43 54 SetCheckFromOption(XRCID("ID_INTERFACE_SITEMANAGER_ON_STARTUP"), OPTION_INTERFACE_SITEMANAGER_ON_STARTUP, failure); 55 56 57 SetCheckFromOption(XRCID("ID_ENCRYPT_PASSWORDS"), OPTION_ENCRYPT_PASSWORDS, failure); 58 wxString stars = wxString(DEFAULTVALUE, wxConvUTF8); 59 SetText(XRCID("ID_MASTER_PASSWORD"), stars, failure); // @TODO : Better display... 60 61 62 if (!failure) 63 { 64 SetCtrlState(); 65 } 44 66 45 67 return !failure; 46 68 } … … 59 81 SetOptionFromCheck(XRCID("ID_PREVENT_IDLESLEEP"), OPTION_PREVENT_IDLESLEEP); 60 82 61 83 SetOptionFromCheck(XRCID("ID_SPEED_DISPLAY"), OPTION_SPEED_DISPLAY); 84 85 86 bool enablingEnc = false; // Tells us if we are "ENABLING" encryption (disabled before, enabled now) 87 if (GetCheck(XRCID("ID_ENCRYPT_PASSWORDS")) != m_pOptions->GetOptionVal(OPTION_ENCRYPT_PASSWORDS)) 88 { 89 if (!GetCheck(XRCID("ID_ENCRYPT_PASSWORDS"))) // We are DISABLING encryption, let's decrypt everything already stored:m_pOptions-> 90 { 91 CInterProcessMutex mutex(MUTEX_SITEMANAGER); 92 CXmlFile file(_T("sitemanager")); 93 TiXmlElement* pDocument = file.Load(); 94 if (!pDocument) 95 { 96 wxMessageBox(file.GetError(), _("Error loading xml file"), wxICON_ERROR); 97 } 62 98 99 TiXmlElement* pElement = pDocument->FirstChildElement("Servers"); 100 if (pElement) 101 { 102 for (TiXmlElement* pServer = pElement->FirstChildElement("Server"); pServer; pServer = pServer->NextSiblingElement("Server")) 103 { 104 CServer s; 105 if (::GetServer(pServer, s)) 106 { 107 wxString pass = s.GetPass(); // decrypts before returning 108 m_pOptions->SetOption(OPTION_ENCRYPT_PASSWORDS, 0); //* Disabling encryption so that SetPass() does not encrypt the passwd 109 s.SetPass(pass); // will not encrypt 110 ::SetServer(pServer, s); 111 m_pOptions->SetOption(OPTION_ENCRYPT_PASSWORDS, 1); //* Enabling encryption so that next GetPass() does decrypt the pass before returning it 112 } 113 } 114 file.Save(); 115 } 116 m_pOptions->SetOption(OPTION_MASTER_PASSWORD, _T(""));// Resetting the master password when encryption is disabled 117 CCrypto::SetMasterPassword(_T("")); 118 } else { 119 enablingEnc = true; 120 } 121 SetOptionFromCheck(XRCID("ID_ENCRYPT_PASSWORDS"), OPTION_ENCRYPT_PASSWORDS); 122 } 123 124 125 wxString defaultval = wxString(DEFAULTVALUE, wxConvUTF8); 126 wxString newPassword = GetText(XRCID("ID_MASTER_PASSWORD")); 127 if(GetCheck(XRCID("ID_ENCRYPT_PASSWORDS")) && newPassword != defaultval) 128 { 129 wxString currentMPasswd = CCrypto::GetMasterPassword(); 130 if (newPassword != _T("") && newPassword != currentMPasswd) // We just changed the master password (and it is not empty), so we have to "migrate" the existing encrypted password from former encryption to new one 131 { 132 CInterProcessMutex mutex(MUTEX_SITEMANAGER); 133 CXmlFile file(_T("sitemanager")); 134 TiXmlElement* pDocument = file.Load(); 135 if (!pDocument) 136 { 137 wxMessageBox(file.GetError(), _("Error loading xml file"), wxICON_ERROR); 138 } 139 140 TiXmlElement* pElement = pDocument->FirstChildElement("Servers"); 141 if (pElement) 142 { 143 for (TiXmlElement* pServer = pElement->FirstChildElement("Server"); pServer; pServer = pServer->NextSiblingElement("Server")) 144 { 145 CServer s; 146 if (enablingEnc) 147 { 148 //* Encryption was previously disabled, so, disable it just the time to LOAD up the data 149 m_pOptions->SetOption(OPTION_ENCRYPT_PASSWORDS, 0); 150 } 151 if (::GetServer(pServer, s)) 152 { 153 wxString pass = s.GetPass(); // uses current master passwd 154 CCrypto::SetMasterPassword(newPassword); 155 //* Ensure encryption is enabled when we SAVE 156 m_pOptions->SetOption(OPTION_ENCRYPT_PASSWORDS, 1); 157 s.SetPass(pass); // will encrypt using new master password 158 CCrypto::SetMasterPassword(currentMPasswd); // back to former one for next loop 159 ::SetServer(pServer, s); 160 } 161 } 162 file.Save(); 163 } 164 } 165 CCrypto::SetMasterPassword(newPassword); 166 wxString passwdEncrypted = wxString(CCrypto::Encrypt(newPassword).c_str(), wxConvUTF8); 167 m_pOptions->SetOption(OPTION_MASTER_PASSWORD, passwdEncrypted); 168 } 169 170 171 63 172 if (!m_pOptions->OptionFromFzDefaultsXml(OPTION_DEFAULT_KIOSKMODE) && m_pOptions->GetOptionVal(OPTION_DEFAULT_KIOSKMODE) != 2) 64 173 SetOptionFromCheck(XRCID("ID_DONT_SAVE_PASSWORDS"), OPTION_DEFAULT_KIOSKMODE); 65 174 … … 80 189 81 190 m_pOwner->m_pMainFrame->UpdateLayout(layout, swap, GetChoice(XRCID("ID_MESSAGELOGPOS"))); 82 191 } 192 193 194 195 void COptionsPageInterface::SetCtrlState() 196 { 197 bool enabled = XRCCTRL(*this, "ID_ENCRYPT_PASSWORDS", wxCheckBox)->GetValue() == 1; 198 199 XRCCTRL(*this, "ID_MASTER_PASSWORD", wxTextCtrl)->Enable(enabled); 200 } 201 202 void COptionsPageInterface::OnEncryptPasswordsChanged(wxCommandEvent& event) 203 { 204 SetCtrlState(); 205 } 206 -
src/interface/FileZilla.cpp
70 70 IMPLEMENT_APP_NO_MAIN(CFileZillaApp); 71 71 #endif //__WXGTK__ 72 72 73 74 #include "../engine/crypto.h" 75 73 76 CFileZillaApp::CFileZillaApp() 74 77 { 75 78 m_pWrapEngine = 0; … … 316 319 CSessionManager::Init(); 317 320 #endif 318 321 322 323 if (COptions::Get()->GetOptionVal(OPTION_ENCRYPT_PASSWORDS)) 324 { 325 wxDialog pwdDlg; 326 wxXmlResource::Get()->LoadDialog(&pwdDlg, wxGetApp().GetTopWindow(), _T("ID_ENTERMASTERPASSWORD")); 327 XRCCTRL(pwdDlg, "wxID_OK", wxButton)->SetId(wxID_OK); 328 XRCCTRL(pwdDlg, "wxID_CANCEL", wxButton)->SetId(wxID_CANCEL); 329 pwdDlg.GetSizer()->Fit(&pwdDlg); 330 pwdDlg.GetSizer()->SetSizeHints(&pwdDlg); 331 332 wxString passwd; 333 while (passwd == _T("")) 334 { 335 if (pwdDlg.ShowModal() != wxID_OK) 336 exit(0); 337 passwd = XRCCTRL(pwdDlg, "ID_PASSWD", wxTextCtrl)->GetValue(); 338 if (passwd == _T("")) 339 { 340 wxMessageBox(_("No password provided provided."), _("Invalid input"), wxICON_EXCLAMATION); 341 continue; 342 } else if (!CCrypto::IsPassword(passwd)) 343 { 344 wxMessageBox(_("Wrong master password."), _("Invalid input"), wxICON_EXCLAMATION); 345 passwd = _T(""); 346 continue; 347 } 348 349 } 350 } 351 352 353 319 354 // Load the text wrapping engine 320 355 m_pWrapEngine = new CWrapEngine(); 321 356 m_pWrapEngine->LoadCache(); -
src/interface/Options.h
82 82 OPTION_TOOLBAR_HIDDEN, 83 83 OPTION_STRIP_VMS_REVISION, 84 84 OPTION_INTERFACE_SITEMANAGER_ON_STARTUP, 85 85 86 OPTION_ENCRYPT_PASSWORDS, 87 OPTION_MASTER_PASSWORD, 88 OPTION_ENCRYPT_ITERATIONS, 89 86 90 // Default/internal options 87 91 OPTION_DEFAULT_SETTINGSDIR, 88 92 OPTION_DEFAULT_KIOSKMODE, -
src/interface/resources/settings.xrc
1305 1305 <label>D&o not save passwords</label> 1306 1306 </object> 1307 1307 </object> 1308 <!-- Start of @td --> 1308 1309 <object class="sizeritem"> 1310 <object class="wxCheckBox" name="ID_ENCRYPT_PASSWORDS"> 1311 <label>&Encrypt passwords</label> 1312 </object> 1313 <flag>wxALIGN_CENTRE_VERTICAL</flag> 1314 </object> 1315 <object class="sizeritem"> 1316 <object class="wxTextCtrl" name="ID_MASTER_PASSWORD" > 1317 <style>wxTE_PASSWORD</style> 1318 </object> 1319 <flag>wxALIGN_CENTRE_VERTICAL|wxGROW</flag> 1320 </object> 1321 <!-- End of @td --> 1322 <object class="sizeritem"> 1309 1323 <object class="wxCheckBox" name="ID_MINIMIZE_TRAY"> 1310 1324 <label>&Minimize to tray</label> 1311 1325 </object> -
src/interface/resources/dialogs.xrc
1451 1451 </object> 1452 1452 </object> 1453 1453 </object> 1454 <!-- Start of @td --> 1455 <object class="wxDialog" name="ID_ENTERMASTERPASSWORD"> 1456 <title>Enter master password</title> 1457 <object class="wxBoxSizer"> 1458 <orient>wxVERTICAL</orient> 1459 <object class="sizeritem"> 1460 <object class="wxStaticText" name="ID_HEADER_PASS"> 1461 <label>Please enter the FileZilla master password :</label> 1462 </object> 1463 <flag>wxTOP|wxLEFT|wxRIGHT</flag> 1464 <border>5</border> 1465 </object> 1466 <object class="sizeritem"> 1467 <object class="wxTextCtrl" name="ID_PASSWD"> 1468 <style>wxTE_PASSWORD</style> 1469 </object> 1470 <flag>wxALL|wxGROW</flag> 1471 <border>5</border> 1472 </object> 1473 <object class="sizeritem"> 1474 <object class="wxBoxSizer"> 1475 <orient>wxHORIZONTAL</orient> 1476 <object class="sizeritem"> 1477 <object class="wxButton" name="wxID_OK"> 1478 <label>&OK</label> 1479 <default>1</default> 1480 </object> 1481 <flag>wxALL|wxGROW</flag> 1482 <border>5</border> 1483 </object> 1484 <object class="sizeritem"> 1485 <object class="wxButton" name="wxID_CANCEL"> 1486 <label>&Cancel</label> 1487 </object> 1488 <flag>wxALL| wxGROW</flag> 1489 <border>5</border> 1490 </object> 1491 </object> 1492 <flag>wxALIGN_CENTRE_HORIZONTAL</flag> 1493 </object> 1494 </object> 1495 </object> 1496 <!-- End of @td --> 1454 1497 <object class="wxDialog" name="ID_INPUTDIALOG"> 1455 1498 <object class="wxBoxSizer"> 1456 1499 <orient>wxVERTICAL</orient> -
src/include/server.h
78 78 unsigned int GetPort() const; 79 79 enum LogonType GetLogonType() const; 80 80 wxString GetUser() const; 81 wxString GetPass( ) const;81 wxString GetPass(bool decrypt=true) const; 82 82 wxString GetAccount() const; 83 83 int GetTimezoneOffset() const; 84 84 enum PasvMode GetPasvMode() const; … … 94 94 bool SetHost(wxString Host, unsigned int port); 95 95 96 96 void SetLogonType(enum LogonType logonType); 97 bool SetUser(const wxString& user, const wxString& pass = _T("")); 97 bool SetUser(const wxString& user, const wxString& pass = _T(""), bool alreadyEncrypted = false); 98 bool SetPass(const wxString& pass, bool alreadyEncrypted = false); 98 99 bool SetAccount(const wxString& account); 99 100 100 101 CServer& operator=(const CServer &op); -
src/engine/server.cpp
1 1 #include <filezilla.h> 2 #include "server.h" 2 3 4 5 #include "../interface/Options.h" 6 #include "crypto.h" 7 8 3 9 struct t_protocolInfo 4 10 { 5 11 const enum ServerProtocol protocol; … … 227 233 228 234 m_port = port; 229 235 m_user = user; 230 m_pass = pass; 236 237 SetPass(pass); 238 231 239 m_account = _T(""); 232 240 if (m_logonType != ASK && m_logonType != INTERACTIVE) 233 241 { 234 if (m_user == _T("")) 242 if (m_user == _T("")) { 235 243 m_logonType = ANONYMOUS; 236 else if (m_user == _T("anonymous")) 237 if (m_pass.IsEmpty() || m_pass == _T("anonymous@example.com")) 244 } else if (m_user == _T("anonymous")) { 245 wxString pwd = GetPass(); 246 if (pwd.IsEmpty() || pwd == _T("anonymous@example.com")) 238 247 m_logonType = ANONYMOUS; 239 248 else 240 249 m_logonType = NORMAL; 241 else250 } else { 242 251 m_logonType = NORMAL; 252 } 243 253 } 244 254 245 255 if (m_protocol == UNKNOWN) … … 276 286 return m_user; 277 287 } 278 288 279 wxString CServer::GetPass() const 289 290 wxString CServer::GetPass(bool decrypt/*=true*/) const 280 291 { 281 if (m_logonType == ANONYMOUS) 292 if (m_logonType == ANONYMOUS) { 282 293 return _T("anon@localhost"); 294 } 283 295 296 if(COptions::Get()->GetOptionVal(OPTION_ENCRYPT_PASSWORDS) && decrypt) { 297 wxString result = wxString(CCrypto::Decrypt(m_pass).c_str(), wxConvUTF8); 298 return result; 299 } 284 300 return m_pass; 285 301 } 286 302 303 287 304 wxString CServer::GetAccount() const 288 305 { 289 306 if (m_logonType != ACCOUNT) … … 300 317 m_port = op.m_port; 301 318 m_logonType = op.m_logonType; 302 319 m_user = op.m_user; 303 m_pass = op.m_pass; 320 321 SetPass(op.GetPass()); 322 304 323 m_account = op.m_account; 305 324 m_timezoneOffset = op.m_timezoneOffset; 306 325 m_pasvMode = op.m_pasvMode; … … 333 352 334 353 if (m_logonType == NORMAL) 335 354 { 336 if ( m_pass != op.m_pass)355 if (GetPass() != op.GetPass()) 337 356 return false; 338 357 } 339 358 else if (m_logonType == ACCOUNT) 340 359 { 341 if ( m_pass != op.m_pass)360 if (GetPass() != op.GetPass()) 342 361 return false; 343 362 if (m_account != op.m_account) 344 363 return false; … … 403 422 404 423 if (m_logonType == NORMAL) 405 424 { 406 cmp = m_pass.Cmp(op.m_pass);425 cmp = GetPass().Cmp(op.GetPass()); 407 426 if (cmp < 0) 408 427 return true; 409 428 else if (cmp > 0) … … 411 430 } 412 431 else if (m_logonType == ACCOUNT) 413 432 { 414 cmp = m_pass.Cmp(op.m_pass);433 cmp = GetPass().Cmp(op.GetPass()); 415 434 if (cmp < 0) 416 435 return true; 417 436 else if (cmp > 0) … … 513 532 m_port = port; 514 533 m_logonType = NORMAL; 515 534 m_user = user; 516 m_pass = pass; 535 536 SetPass(pass); 537 517 538 m_account = account; 518 539 } 519 540 … … 569 590 return true; 570 591 } 571 592 572 bool CServer::SetUser(const wxString& user, const wxString& pass /*=_T("")*/ )593 bool CServer::SetUser(const wxString& user, const wxString& pass /*=_T("")*/, bool alreadyEncrypted/* = false*/) 573 594 { 574 595 if (m_logonType == ANONYMOUS) 575 596 return true; … … 578 599 { 579 600 if (m_logonType != ASK && m_logonType != INTERACTIVE) 580 601 return false; 581 m_pass = _T(""); 602 SetPass(_T(""), alreadyEncrypted); 603 } else { 604 SetPass(pass, alreadyEncrypted); 582 605 } 583 else584 m_pass = pass;585 606 586 607 m_user = user; 587 608 588 609 return true; 589 610 } 590 611 612 bool CServer::SetPass(const wxString& pass, bool alreadyEncrypted/* = false*/) { 613 if(COptions::Get()->GetOptionVal(OPTION_ENCRYPT_PASSWORDS) && !alreadyEncrypted) { 614 m_pass = wxString(CCrypto::Encrypt(pass).c_str(), wxConvUTF8); 615 } else { 616 m_pass = pass; 617 } 618 return true; 619 } 620 621 591 622 bool CServer::SetAccount(const wxString& account) 592 623 { 593 624 if (m_logonType != ACCOUNT) … … 676 707 m_port = 21; 677 708 m_logonType = ANONYMOUS; 678 709 m_user = _T(""); 679 m_pass = _T(""); 710 711 SetPass(_T("")); 712 680 713 m_account = _T(""); 681 714 m_timezoneOffset = 0; 682 715 m_pasvMode = MODE_DEFAULT; -
src/engine/crypto.cpp
1 #include <filezilla.h> 2 #include "crypto.h" 3 4 #include "../interface/Options.h" 5 6 #include <string> 7 8 #include "cryptlib.h" 9 #include "osrng.h" 10 #include "sha.h" 11 #include "aes.h" 12 #include "hex.h" 13 #include "integer.h" 14 #include "pwdbased.h" 15 #include "modes.h" 16 17 const std::string CCrypto::HEXSALT = "E5579A8EC1FB90310103718E4DF80495"; 18 const std::string CCrypto::HEXIV = "B56E5AC5D1F2E4873E7F408C51F4ED52"; 19 wxString CCrypto::masterPassword; 20 21 using namespace std; 22 23 wxString CCrypto::GetMasterPassword() { 24 return masterPassword; 25 } 26 27 bool CCrypto::IsPassword(wxString passwd) { 28 wxString backup = GetMasterPassword(); 29 SetMasterPassword(passwd); 30 wxString decrypt = wxString(Decrypt(COptions::Get()->GetOption(OPTION_MASTER_PASSWORD)).c_str(), wxConvUTF8); 31 if (decrypt != passwd) 32 { 33 SetMasterPassword(backup); 34 return false; 35 } 36 return true; 37 } 38 39 string CCrypto::Decrypt(wxString m_pass) { 40 using namespace std; 41 using namespace CryptoPP; 42 string ciphertext = string(m_pass.mb_str()); 43 44 string password = string(GetMasterPassword().mb_str()); 45 46 int iterations = COptions::Get()->GetOptionVal(OPTION_ENCRYPT_ITERATIONS); 47 48 iterations = (iterations > 0) ? iterations : 1; 49 50 SecByteBlock recoveredsalt(AES::DEFAULT_KEYLENGTH); 51 52 StringSource saltDecoder(HEXSALT,true,new HexDecoder(new ArraySink(recoveredsalt, recoveredsalt.size()))); 53 54 SecByteBlock recoverediv(AES::BLOCKSIZE); 55 56 StringSource ivDecoder(HEXIV,true,new HexDecoder(new ArraySink(recoverediv, recoverediv.size()))); 57 58 SecByteBlock recoveredkey(AES::DEFAULT_KEYLENGTH); 59 60 PKCS5_PBKDF2_HMAC<SHA256> pbkdf; 61 62 pbkdf.DeriveKey(recoveredkey, recoveredkey.size(), 0x00, (byte *) password.data(), password.size(), 63 recoveredsalt, recoveredsalt.size(), iterations); 64 65 CBC_Mode<AES>::Decryption aesdecryption(recoveredkey, recoveredkey.size(), recoverediv); 66 67 string recoveredtext; 68 69 try { 70 StringSource decryptor(ciphertext, true, new HexDecoder( 71 new StreamTransformationFilter(aesdecryption, new StringSink(recoveredtext)) 72 )); 73 } catch(Exception e) { 74 recoveredtext = ""; 75 } 76 77 return recoveredtext; 78 } 79 80 string CCrypto::Encrypt(wxString pass) { 81 using namespace std; 82 using namespace CryptoPP; 83 string password = string(GetMasterPassword().mb_str()); 84 85 string message = string(pass.mb_str()); 86 87 int iterations = COptions::Get()->GetOptionVal(OPTION_ENCRYPT_ITERATIONS); 88 89 iterations = (iterations > 0) ? iterations : 1; 90 SecByteBlock recoveredsalt(AES::DEFAULT_KEYLENGTH); 91 92 StringSource saltDecoder(HEXSALT,true,new HexDecoder(new ArraySink(recoveredsalt, recoveredsalt.size()))); 93 94 SecByteBlock recoverediv(AES::BLOCKSIZE); 95 StringSource ivDecoder(HEXIV,true,new HexDecoder(new ArraySink(recoverediv, recoverediv.size()))); 96 97 SecByteBlock derivedkey(AES::DEFAULT_KEYLENGTH); 98 99 PKCS5_PBKDF2_HMAC<SHA256> pbkdf; 100 pbkdf.DeriveKey( 101 // buffer that holds the derived key 102 103 derivedkey, derivedkey.size(), 104 // purpose byte. unused by this PBKDF implementation. 105 0x00, 106 // password bytes. careful to be consistent with encoding... 107 (byte *) password.data(), password.size(), 108 // salt bytes 109 recoveredsalt, recoveredsalt.size(), 110 // iteration count. See SP 800-132 for details. You want this as large as you can tolerate. 111 // make sure to use the same iteration count on both sides... 112 iterations 113 ); 114 115 string ciphertext; 116 117 CBC_Mode<AES>::Encryption aesencryption(derivedkey,derivedkey.size(), recoverediv); 118 // encrypt message using key derived above, storing the hex encoded result into ciphertext 119 120 try { 121 StringSource encryptor(message,true, 122 new StreamTransformationFilter(aesencryption, new HexEncoder( new StringSink(ciphertext))) 123 ); 124 } catch(Exception e) { 125 ciphertext = ""; 126 } 127 return ciphertext; 128 } 129 130 void CCrypto::SetMasterPassword(wxString pass) { 131 masterPassword = pass; 132 } 133 No newline at end of file -
src/engine/Makefile.am
38 38 tlssocket.cpp \ 39 39 threadex.cpp \ 40 40 timeex.cpp \ 41 transfersocket.cpp 41 transfersocket.cpp \ 42 crypto.cpp # @td 42 43 43 44 noinst_HEADERS = backend.h \ 44 45 ControlSocket.h \ … … 54 55 servercapabilities.h \ 55 56 sftpcontrolsocket.h \ 56 57 tlssocket.h \ 57 transfersocket.h 58 transfersocket.h \ 59 crypto.h # @td 58 60 59 61 dist_noinst_DATA = engine.vcproj 60 62 -
src/engine/crypto.h
1 #ifndef __CRYPTO_H__ 2 #define __CRYPTO_H__ 3 4 #include "string" 5 6 class CCrypto 7 { 8 public: 9 static std::string Decrypt(wxString m_pass); 10 static std::string Encrypt(wxString m_pass); 11 static wxString GetMasterPassword(); 12 static void SetMasterPassword(wxString pass); 13 static bool IsPassword(wxString passwd); 14 15 static const std::string HEXSALT; 16 static const std::string HEXIV; 17 protected: 18 static wxString masterPassword;//# UNENCRYPTED PASSWORD, used for encrypting and decrypting 19 }; 20 21 22 #endif //__CRYPTO_H__