nouvelles options pour upassword

This commit is contained in:
Jephté Clain 2014-02-14 16:41:12 +04:00
parent 704f34029b
commit 6d2d02c22c
1 changed files with 275 additions and 120 deletions

233
upassword
View File

@ -4,7 +4,9 @@ compiler=javac
mainClass=upassword mainClass=upassword
compileAndGo compileAndGo
import java.io.File;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.PrintWriter; import java.io.PrintWriter;
import java.io.StringWriter; import java.io.StringWriter;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
@ -17,6 +19,7 @@ import java.util.Random;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import javax.crypto.Cipher; import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory; import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.PBEKeySpec;
@ -51,6 +54,7 @@ public class upassword {
public static final void println(String text) { public static final void println(String text) {
System.out.println(text); System.out.println(text);
System.out.flush();
} }
public static final StringBuilder toHex(StringBuilder sb, byte b) { public static final StringBuilder toHex(StringBuilder sb, byte b) {
@ -4556,6 +4560,17 @@ public class upassword {
private static final String CIPHER = "AES/ECB/PKCS5Padding"; private static final String CIPHER = "AES/ECB/PKCS5Padding";
public static final byte[] genkey() throws Exception {
KeyGenerator kg = KeyGenerator.getInstance(AES);
kg.init(new SecureRandom());
SecretKey key = kg.generateKey();
return key.getEncoded();
}
public static final String genskey() throws Exception {
return Base64.encodeBytes(genkey());
}
public static final byte[] genkey(String password, byte[] salt, int iterations) public static final byte[] genkey(String password, byte[] salt, int iterations)
throws Exception { throws Exception {
if (salt == null) salt = Salt.getInstance().newBinarySalt(); if (salt == null) salt = Salt.getInstance().newBinarySalt();
@ -4584,6 +4599,10 @@ public class upassword {
return Base64.decode(skey); return Base64.decode(skey);
} }
public static final String getSkey(byte[] key) {
return Base64.encodeBytes(key, Base64.DONT_BREAK_LINES);
}
public static final byte[] encrypt(byte[] clear, byte[] key) throws Exception { public static final byte[] encrypt(byte[] clear, byte[] key) throws Exception {
if (clear == null) return null; if (clear == null) return null;
if (key == null) throw new NullPointerException("key is required"); if (key == null) throw new NullPointerException("key is required");
@ -4669,30 +4688,26 @@ public class upassword {
}; };
} }
private void run(String[] args) { private static final void die(String msg, Exception e) {
if (args.length == 1 && strEquals(args[0], "--help")) { if (msg != null) System.err.println(msg);
println("USAGE: upassword [-f aeskeyfile] [clear [salts...]]"); if (e != null) e.printStackTrace(System.err);
System.exit(0); System.err.flush();
System.exit(1);
} }
String aeskeyfile = null; // actions
if (args.length > 0 && args[0].substring(0, 2).equals("-f")) { private static enum EAction {
String opt = args[0]; HASH_PASSWORD, GEN_AESKEY, SHOW_AESKEY, AES_ENCRYPT, AES_DECRYPT;
int shift = 1;
if (opt.equals("-f")) {
if (args.length > 1) {
aeskeyfile = args[1];
shift = 2;
} }
} else {
aeskeyfile = args[0].substring(2); private static final void checkExisting(String aeskeyfile) {
} if (aeskeyfile == null) die("Vous devez spécifier l'option -f", null);
String[] newargs = new String[args.length - shift]; if (!new File(aeskeyfile).exists()) die(aeskeyfile + ": Fichier introuvable", null);
System.arraycopy(args, shift, newargs, 0, newargs.length);
args = newargs;
} }
private static final byte[] readAeskeyfile(String aeskeyfile) {
if (aeskeyfile == null) return null;
byte[] aeskey = null; byte[] aeskey = null;
if (aeskeyfile != null) {
try { try {
FileInputStream fis = new FileInputStream(aeskeyfile); FileInputStream fis = new FileInputStream(aeskeyfile);
try { try {
@ -4702,22 +4717,88 @@ public class upassword {
fis.close(); fis.close();
} }
} catch (Exception e) { } catch (Exception e) {
e.printStackTrace(System.err); die(null, e);
System.exit(1); }
return aeskey;
}
private static final void writeAeskeyfile(String aeskeyfile, byte[] key) {
if (aeskeyfile == null) return;
try {
FileOutputStream fis = new FileOutputStream(aeskeyfile);
try {
fis.write(key);
} finally {
fis.close();
}
} catch (Exception e) {
die(null, e);
} }
} }
private void run(String[] args) {
if (args.length == 1 && strEquals(args[0], "--help")) {
println("USAGE:" //
+ "\n upassword -p [-f aeskeyfile] [clear [salts...]]"
+ "\n upassword -f aeskeyfile -G [password [salt]]"
+ "\n upassword -f aeskeyfile -s"
+ "\n upassword -f aeskeyfile -e clear"
+ "\n upassword -f aeskeyfile -d crypted");
System.exit(0);
}
EAction action = EAction.HASH_PASSWORD;
String aeskeyfile = null;
int i = 0, max = args.length;
while (i < args.length) {
String arg = args[i];
if (arg.equals("-p")) {
action = EAction.HASH_PASSWORD;
i++;
} else if (arg.equals("-G")) {
action = EAction.GEN_AESKEY;
i++;
} else if (arg.equals("-s")) {
action = EAction.SHOW_AESKEY;
i++;
} else if (arg.equals("-e")) {
action = EAction.AES_ENCRYPT;
i++;
} else if (arg.equals("-d")) {
action = EAction.AES_DECRYPT;
i++;
} else if (arg.substring(0, 2).equals("-f")) {
int shift = 1;
if (arg.equals("-f")) {
if (args.length > i + 1) {
aeskeyfile = args[i + 1];
shift = 2;
}
} else {
aeskeyfile = arg.substring(2);
}
i += shift;
} else {
String[] newargs = new String[args.length - i];
System.arraycopy(args, i, newargs, 0, newargs.length);
args = newargs;
break;
}
}
switch (action) {
case HASH_PASSWORD: {
byte[] aeskey = readAeskeyfile(aeskeyfile);
String clear = null; String clear = null;
if (args.length > 0) clear = args[0]; if (args.length > 0) clear = args[0];
String salt = null;
if (args.length > 1) salt = args[1];
if (clear == null) { if (clear == null) {
PasswordGenerator pg = new PasswordGenerator(); PasswordGenerator pg = new PasswordGenerator();
clear = pg.generate(); clear = pg.generate();
} }
if (salt == null) { if (args.length <= 1) {
// Pas de salt, afficher simplement les versions cryptées des mots // Pas de salt, afficher simplement les versions cryptées des mots
// de passe pour tous les schemes. Le salt est choisi au hasard pour // de passe pour tous les schemes. Le salt est choisi au hasard pour
// chaque mot de passe. Il est donc différent à chaque fois. // chaque mot de passe. Il est donc différent à chaque fois.
@ -4729,16 +4810,17 @@ public class upassword {
ntlm = p.getNtlmHash(); ntlm = p.getNtlmHash();
} catch (Password.NotAvailableException e) { } catch (Password.NotAvailableException e) {
} }
String crypt = getPasswordAnySalt(clear, Password.CRYPT, salt).getNormalized(); String crypt = getPasswordAnySalt(clear, Password.CRYPT, null).getNormalized();
String sha = getPasswordAnySalt(clear, Password.SHA, salt).getNormalized(); String sha = getPasswordAnySalt(clear, Password.SHA, null).getNormalized();
String ssha = getPasswordAnySalt(clear, Password.SSHA, salt).getNormalized(); String ssha = getPasswordAnySalt(clear, Password.SSHA, null).getNormalized();
String md5 = getPasswordAnySalt(clear, Password.MD5, salt).getNormalized(); String md5 = getPasswordAnySalt(clear, Password.MD5, null).getNormalized();
String smd5 = getPasswordAnySalt(clear, Password.SMD5, salt).getNormalized(); String smd5 = getPasswordAnySalt(clear, Password.SMD5, null).getNormalized();
String aes = null; String aes = null;
if (aeskey != null) { if (aeskey != null) {
try { try {
aes = AESEnc.sencrypt(clear, aeskey); aes = AESEnc.sencrypt(clear, aeskey);
} catch (Exception e) { } catch (Exception e) {
die("Impossible de crypter avec AES", e);
} }
} }
@ -4756,23 +4838,27 @@ public class upassword {
// les schemes correspondant aux salts spécifiés, pour chacun des // les schemes correspondant aux salts spécifiés, pour chacun des
// salts spécifiés. // salts spécifiés.
println("clear: " + clear); println("clear: " + clear);
int i = 1, max = args.length; i = 1;
max = args.length;
while (i < max) { while (i < max) {
salt = args[i++]; String salt = args[i++];
if (Password.isNormalizedFormat(salt)) { if (Password.isNormalizedFormat(salt)) {
if (Password.isCryptScheme(salt)) { if (Password.isCryptScheme(salt)) {
String cryptSalt = Salt.getCryptSalt(salt); String cryptSalt = Salt.getCryptSalt(salt);
String crypt = getPasswordCryptSalt(clear, Password.CRYPT, cryptSalt).getNormalized(); String crypt = getPasswordCryptSalt(clear, Password.CRYPT, cryptSalt)
.getNormalized();
println("salt: " + cryptSalt); println("salt: " + cryptSalt);
println("crypt: " + crypt); println("crypt: " + crypt);
} else if (Password.isSshaScheme(salt)) { } else if (Password.isSshaScheme(salt)) {
byte[] sshaSalt = Salt.getSshaSalt(salt); byte[] sshaSalt = Salt.getSshaSalt(salt);
String ssha = getPasswordBinarySalt(clear, Password.SSHA, sshaSalt).getNormalized(); String ssha = getPasswordBinarySalt(clear, Password.SSHA, sshaSalt)
.getNormalized();
println("salt: " + toHex(sshaSalt)); println("salt: " + toHex(sshaSalt));
println("ssha: " + ssha); println("ssha: " + ssha);
} else if (Password.isSmd5Scheme(salt)) { } else if (Password.isSmd5Scheme(salt)) {
byte[] smd5Salt = Salt.getSmd5Salt(salt); byte[] smd5Salt = Salt.getSmd5Salt(salt);
String smd5 = getPasswordBinarySalt(clear, Password.SMD5, smd5Salt).getNormalized(); String smd5 = getPasswordBinarySalt(clear, Password.SMD5, smd5Salt)
.getNormalized();
println("salt: " + toHex(smd5Salt)); println("salt: " + toHex(smd5Salt));
println("smd5: " + smd5); println("smd5: " + smd5);
} else { } else {
@ -4780,26 +4866,95 @@ public class upassword {
} }
} else if (isHex(salt)) { } else if (isHex(salt)) {
byte[] binarySalt = fromHex(salt); byte[] binarySalt = fromHex(salt);
String ssha = getPasswordBinarySalt(clear, Password.SSHA, binarySalt).getNormalized(); String ssha = getPasswordBinarySalt(clear, Password.SSHA, binarySalt)
String smd5 = getPasswordBinarySalt(clear, Password.SMD5, binarySalt).getNormalized(); .getNormalized();
String smd5 = getPasswordBinarySalt(clear, Password.SMD5, binarySalt)
.getNormalized();
println("salt: " + toHex(binarySalt)); println("salt: " + toHex(binarySalt));
println("ssha: " + ssha); println("ssha: " + ssha);
println("smd5: " + smd5); println("smd5: " + smd5);
if (salt.length() >= 2) { if (salt.length() >= 2) {
String cryptSalt = Salt.getCryptSalt(salt); String cryptSalt = Salt.getCryptSalt(salt);
String crypt = getPasswordCryptSalt(clear, Password.CRYPT, cryptSalt).getNormalized(); String crypt = getPasswordCryptSalt(clear, Password.CRYPT, cryptSalt)
.getNormalized();
if (!salt.equals(cryptSalt)) println("salt: " + cryptSalt); if (!salt.equals(cryptSalt)) println("salt: " + cryptSalt);
println("crypt: " + crypt); println("crypt: " + crypt);
} }
} else { } else {
String cryptSalt = Salt.getCryptSalt(salt); String cryptSalt = Salt.getCryptSalt(salt);
String crypt = getPasswordCryptSalt(clear, Password.CRYPT, cryptSalt).getNormalized(); String crypt = getPasswordCryptSalt(clear, Password.CRYPT, cryptSalt)
.getNormalized();
println("salt: " + cryptSalt); println("salt: " + cryptSalt);
println("crypt: " + crypt); println("crypt: " + crypt);
} }
} }
} }
System.out.flush(); break;
}
case GEN_AESKEY: {
if (aeskeyfile == null) die("Vous devez spécifier l'option -f", null);
if (new File(aeskeyfile).exists()) {
die(aeskeyfile + ": Refus d'écraser un fichier existant", null);
}
String password = null;
if (args.length > 0) password = args[0];
String salt = null;
if (args.length > 1) salt = args[1];
byte[] key = null;
try {
if (password != null && salt != null) {
key = AESEnc.genkey();
} else {
key = AESEnc.genkey(password, salt.getBytes(UTF_8), -1);
}
} catch (Exception e) {
die(null, e);
}
writeAeskeyfile(aeskeyfile, key);
break;
}
case SHOW_AESKEY: {
checkExisting(aeskeyfile);
byte[] key = readAeskeyfile(aeskeyfile);
println(AESEnc.getSkey(key));
break;
}
case AES_ENCRYPT: {
checkExisting(aeskeyfile);
byte[] key = readAeskeyfile(aeskeyfile);
String sclear = null;
if (args.length > 0) sclear = args[0];
if (sclear != null) {
try {
println(AESEnc.sencrypt(sclear, key));
} catch (Exception e) {
die(null, e);
}
}
break;
}
case AES_DECRYPT: {
checkExisting(aeskeyfile);
byte[] key = readAeskeyfile(aeskeyfile);
String scrypted = null;
if (args.length > 0) scrypted = args[0];
if (scrypted != null) {
try {
println(AESEnc.sdecrypt(scrypted, key));
} catch (Exception e) {
die(null, e);
}
}
break;
}
}
} }
public static void main(String[] args) { public static void main(String[] args) {