funny-falcon · December 11, 2024 11:45
diff --git a/mypassw.rb b/mypassw.rb
 #!/usr/bin/env ruby
 require 'digest/sha2'
 require 'io/console'
 require 'base64'

 USAGE = <<EOF
 USAGE:
  #$0 set domain [file]
    - store encoded password for domain
  #$0 domain [file]
    - feed decoded password for domain to 'xclip -i -selection clipboard'
  #$0 -c domain [file]
    - feed decoded password for domain to 'xclip -i'
  #$0 -o domain [file]
    - print decoded password for domain
  #$0 -s search [file]
    - list matched domains
  #$0 -l
    - try to decode all passwords with same master password
 EOF

 unless "".respond_to?(:b)
  class String; def b; force_encoding('BINARY'); end; end
 end

 # Main goal is simplicity of reimplementation:
 # custom key deriving and custom cipher to be easy to reimplement in other languages.
 # key deriving is not the safest in a world, but should be good enough unless you are James Bond or predisent of America.
 # custom cipher function is certainly safe (and slow).

 K = 10
 M = 1024*1024
 def derive(pass)
  sha = Digest::SHA512.new
  K.times do
    all = []
    (M/sha.digest_length).times do
      all << sha.update(pass).digest
    end
    sha.update(all.sort.join)
  end
  sha.update(pass)
  sha.digest
 end

 def encrypt(pass, domain, dpass)
  rnd = Random.new
  seed = rnd.bytes(8)
  sha = Digest::SHA512.new
  sha.update(derive(pass+seed+domain))
  dpass = "%04x%s%s" % [dpass.bytesize, dpass.b, rnd.bytes(16+rnd.rand(64))]
  dpass << sha.dup.update(dpass).digest[0,4]
  (dpass.bytesize*2).times do
    head = dpass.slice!(0,1).getbyte(0)
    dpass << (head ^ sha.dup.update(dpass).digest.getbyte(0))
  end
  Base64.strict_encode64(seed+dpass)
 end

 def decrypt(pass, domain, dpass)
  dpass = Base64.strict_decode64(dpass)
  seed = dpass.slice!(0,8)
  sha = Digest::SHA512.new
  sha.update(derive(pass+seed+domain))
  (dpass.bytesize*2).times do
    head = dpass.slice!(-1,1).getbyte(0)
    dpass[0,0] = (head ^ sha.dup.update(dpass).digest.getbyte(0)).chr
  end
  len = dpass[0,4].to_i(16)
  unless len <= dpass.bytesize-4 && sha.dup.update(dpass[0...-4]).digest[0,4] == dpass[-4..-1]
    return nil
  end
  dpass[4,len]
 end

 def decrypt_line(pass, line)
  return nil if line.nil? || line.empty?
  domain, dpass = line.split("\t", 2)
  decrypt(pass, domain, dpass)
 end

 def query(msg)
  if STDIN.tty?
    print msg
    pass = STDIN.noecho(&:gets).chomp.b
    print "\n"
    pass
  else
    pass = STDIN.gets.chomp.b
  end
 end

 def err(m)
  $stderr.puts(m)
  exit(1)
 end

 doset = false
 dolist = false
 dosearch = false
 xclip = :board
 case ARGV[0]
 when 'set'
  doset = true
  ARGV.shift
 when '-c'
  xclip = :clip
  ARGV.shift
 when '-o'
  xclip = nil
  ARGV.shift
 when '-s'
  dosearch = true
  ARGV.shift
 when '-l'
  dolist = true
  ARGV.shift
 end

 domen = ARGV.shift unless dolist

 if !ARGV.empty?
  file = ARGV.shift
 elsif ENV["PASSW"]
  file = ENV["PASSW"]
 else
  file = "~/.passw"
 end
 if !(dolist || !domen.nil?) || !ARGV.empty?
  puts USAGE
  exit(1)
 end
 file = File.expand_path(file)

 if File.readable?(file)
  lines = File.open(file, "rb").readlines.map(&:chomp).select{|l| !l.empty?}
 else
  lines = []
 end

 if dosearch
  puts lines.map{|l| l.split.first}.grep(Regexp.new(domen))
  exit(0)
 end

 pass = query "Master password:"

 if dolist
  lines.each do |l|
    domen, crypted = l.split("\t",2)
    dpass = decrypt(pass, domen, crypted)
    if dpass.nil?
      printf("%15s !!! fail\n", domen)
    else
      printf("%15s %s\n", domen, dpass)
    end
  end
  exit(0)
 end

 display_type = ENV['XDG_SESSION_TYPE']
 case display_type
 when 'x11'
  def xclip(dpass)
    IO.popen('xclip -i -l 2', 'w'){|f| f.write(dpass)}
    Process.daemon
    sleep(10)
    IO.popen('xclip -i', 'w'){|f| f.write("")}
  end
  def xclipboard(dpass)
    IO.popen('xclip -i -l 4 -selection clipboard', 'w'){|f| f.write(dpass)}
    Process.daemon
    sleep(10)
    IO.popen('xclip -i -selection clipboard', 'w'){|f| f.write("")}
  end
 when 'wayland'
  def xclip(dpass)
    IO.popen('wl-copy -o -p', 'w'){|f| f.write(dpass)}
    Process.daemon
    sleep(10)
    `wl-copy -c -p >/dev/null 2>&1`
  end
  def xclipboard(dpass)
    IO.popen('wl-copy -o', 'w'){|f| f.write(dpass)}
    Process.daemon
    sleep(10)
    `wl-copy -c >/dev/null 2>&1`
  end
 else
  raise "unknown display type #{display_type}"
 end


 d = domen+"\t"
 if doset
  if domen =~ /^master\d+$/
    err("could not overwrite #{domen}") if lines.any?{|l| l.start_with?(d)}
    dpass = query "Repeat password:"
    err("not matched") unless pass == dpass
  else
    err("unknown master") unless lines.grep(/^master\d+\s/).any?{|l| decrypt_line(pass, l)}
    dpass = query "Domain password:"
    dpass2 = query "Repeat password:"
    err("not matched") if dpass != dpass2
  end
  lines.delete_if{|l| l.start_with?(d)}
  lines << "#{d}#{encrypt(pass, domen, dpass)}"
  File.open(file+".tmp", "wb"){|f| f.write(lines.sort.join("\n")+"\n")}
  File.rename(file+".tmp", file)
  is_git = File.exist?(File.join(File.dirname(file), ".git"))
  if is_git
    Dir.chdir(File.dirname(file)) do
      system(*%W{git commit -a -m #{Time.now}\ #{domen}})
    end
  end
 else
  dpass = decrypt_line(pass, lines.find{|l| l.start_with?(d)})
  err("fail") if dpass.nil?
  case xclip
  when nil
    if STDOUT.tty?
      puts dpass
    else
      print dpass
    end
  when :clip
    xclip(dpass)
  when :board
    xclipboard(dpass)
  end
 end
	#!/usr/bin/env ruby
	require 'digest/sha2'
	require 'io/console'
	require 'base64'

	USAGE = <<EOF
	USAGE:
	#$0 set domain [file]
	- store encoded password for domain
	#$0 domain [file]
	- feed decoded password for domain to 'xclip -i -selection clipboard'
	#$0 -c domain [file]
	- feed decoded password for domain to 'xclip -i'
	#$0 -o domain [file]
	- print decoded password for domain
	#$0 -s search [file]
	- list matched domains
	#$0 -l
	- try to decode all passwords with same master password
	EOF

	unless "".respond_to?(:b)
	class String; def b; force_encoding('BINARY'); end; end
	end

	# Main goal is simplicity of reimplementation:
	# custom key deriving and custom cipher to be easy to reimplement in other languages.
	# key deriving is not the safest in a world, but should be good enough unless you are James Bond or predisent of America.
	# custom cipher function is certainly safe (and slow).

	K = 10
	M = 1024*1024
	def derive(pass)
	sha = Digest::SHA512.new
	K.times do
	all = []
	(M/sha.digest_length).times do
	all << sha.update(pass).digest
	end
	sha.update(all.sort.join)
	end
	sha.update(pass)
	sha.digest
	end

	def encrypt(pass, domain, dpass)
	rnd = Random.new
	seed = rnd.bytes(8)
	sha = Digest::SHA512.new
	sha.update(derive(pass+seed+domain))
	dpass = "%04x%s%s" % [dpass.bytesize, dpass.b, rnd.bytes(16+rnd.rand(64))]
	dpass << sha.dup.update(dpass).digest[0,4]
	(dpass.bytesize*2).times do
	head = dpass.slice!(0,1).getbyte(0)
	dpass << (head ^ sha.dup.update(dpass).digest.getbyte(0))
	end
	Base64.strict_encode64(seed+dpass)
	end

	def decrypt(pass, domain, dpass)
	dpass = Base64.strict_decode64(dpass)
	seed = dpass.slice!(0,8)
	sha = Digest::SHA512.new
	sha.update(derive(pass+seed+domain))
	(dpass.bytesize*2).times do
	head = dpass.slice!(-1,1).getbyte(0)
	dpass[0,0] = (head ^ sha.dup.update(dpass).digest.getbyte(0)).chr
	end
	len = dpass[0,4].to_i(16)
	unless len <= dpass.bytesize-4 && sha.dup.update(dpass[0...-4]).digest[0,4] == dpass[-4..-1]
	return nil
	end
	dpass[4,len]
	end

	def decrypt_line(pass, line)
	return nil if line.nil? \|\| line.empty?
	domain, dpass = line.split("\t", 2)
	decrypt(pass, domain, dpass)
	end

	def query(msg)
	if STDIN.tty?
	print msg
	pass = STDIN.noecho(&:gets).chomp.b
	print "\n"
	pass
	else
	pass = STDIN.gets.chomp.b
	end
	end

	def err(m)
	$stderr.puts(m)
	exit(1)
	end

	doset = false
	dolist = false
	dosearch = false
	xclip = :board
	case ARGV[0]
	when 'set'
	doset = true
	ARGV.shift
	when '-c'
	xclip = :clip
	ARGV.shift
	when '-o'
	xclip = nil
	ARGV.shift
	when '-s'
	dosearch = true
	ARGV.shift
	when '-l'
	dolist = true
	ARGV.shift
	end

	domen = ARGV.shift unless dolist

	if !ARGV.empty?
	file = ARGV.shift
	elsif ENV["PASSW"]
	file = ENV["PASSW"]
	else
	file = "~/.passw"
	end
	if !(dolist \|\| !domen.nil?) \|\| !ARGV.empty?
	puts USAGE
	exit(1)
	end
	file = File.expand_path(file)

	if File.readable?(file)
	lines = File.open(file, "rb").readlines.map(&:chomp).select{\|l\| !l.empty?}
	else
	lines = []
	end

	if dosearch
	puts lines.map{\|l\| l.split.first}.grep(Regexp.new(domen))
	exit(0)
	end

	pass = query "Master password:"

	if dolist
	lines.each do \|l\|
	domen, crypted = l.split("\t",2)
	dpass = decrypt(pass, domen, crypted)
	if dpass.nil?
	printf("%15s !!! fail\n", domen)
	else
	printf("%15s %s\n", domen, dpass)
	end
	end
	exit(0)
	end

	display_type = ENV['XDG_SESSION_TYPE']
	case display_type
	when 'x11'
	def xclip(dpass)
	IO.popen('xclip -i -l 2', 'w'){\|f\| f.write(dpass)}
	Process.daemon
	sleep(10)
	IO.popen('xclip -i', 'w'){\|f\| f.write("")}
	end
	def xclipboard(dpass)
	IO.popen('xclip -i -l 4 -selection clipboard', 'w'){\|f\| f.write(dpass)}
	Process.daemon
	sleep(10)
	IO.popen('xclip -i -selection clipboard', 'w'){\|f\| f.write("")}
	end
	when 'wayland'
	def xclip(dpass)
	IO.popen('wl-copy -o -p', 'w'){\|f\| f.write(dpass)}
	Process.daemon
	sleep(10)
	`wl-copy -c -p >/dev/null 2>&1`
	end
	def xclipboard(dpass)
	IO.popen('wl-copy -o', 'w'){\|f\| f.write(dpass)}
	Process.daemon
	sleep(10)
	`wl-copy -c >/dev/null 2>&1`
	end
	else
	raise "unknown display type #{display_type}"
	end


	d = domen+"\t"
	if doset
	if domen =~ /^master\d+$/
	err("could not overwrite #{domen}") if lines.any?{\|l\| l.start_with?(d)}
	dpass = query "Repeat password:"
	err("not matched") unless pass == dpass
	else
	err("unknown master") unless lines.grep(/^master\d+\s/).any?{\|l\| decrypt_line(pass, l)}
	dpass = query "Domain password:"
	dpass2 = query "Repeat password:"
	err("not matched") if dpass != dpass2
	end
	lines.delete_if{\|l\| l.start_with?(d)}
	lines << "#{d}#{encrypt(pass, domen, dpass)}"
	File.open(file+".tmp", "wb"){\|f\| f.write(lines.sort.join("\n")+"\n")}
	File.rename(file+".tmp", file)
	is_git = File.exist?(File.join(File.dirname(file), ".git"))
	if is_git
	Dir.chdir(File.dirname(file)) do
	system(*%W{git commit -a -m #{Time.now}\ #{domen}})
	end
	end
	else
	dpass = decrypt_line(pass, lines.find{\|l\| l.start_with?(d)})
	err("fail") if dpass.nil?
	case xclip
	when nil
	if STDOUT.tty?
	puts dpass
	else
	print dpass
	end
	when :clip
	xclip(dpass)
	when :board
	xclipboard(dpass)
	end
	end