1pass 0.1.0

data/bin/1pass

@@ -0,0 +1,37 @@
+#!/usr/bin/env ruby
+
+require '1pass'
+require 'optparse'
+require 'ostruct'
+require 'highline/import'
+
+options = OpenStruct.new
+
+opts = OptionParser.new do |opts|
+  opts.banner = "Usage: 1pass [options]"
+
+  opts.on("-l", "--list", "List all keychain entries") do |l|
+    options.list = true
+  end
+
+  opts.on("-k", "--key [key-name]", "Get details for given key name") do |k|
+    options.key = k
+  end  
+
+  opts.on("-f", "--field [field-name]", "Get value for given field. Key should also be specified with -k or --key") do |f|
+    options.field = f
+  end  
+end
+
+opts.parse!(ARGV)
+
+agile_keychain = AgileKeychain.new
+
+if(options.list)
+	agile_keychain.list
+elsif(options.key)
+	master_password = ask("Enter your master password:  ") { |q| q.echo = "*" }
+	agile_keychain.load(master_password, options.key, options.field)
+else
+	puts opts
+end

data/lib/1pass.rb

@@ -0,0 +1,20 @@
+require "1pass/version"
+require "keychain"
+
+class AgileKeychain
+	def initialize(path=nil)
+		path = path || "#{ENV["HOME"]}/Library/Application Support/1Password/1Password.agilekeychain"
+		@keychain = Keychain.new(path)
+	end
+
+	def list
+		@keychain.content.items.map {|i| puts i.name}
+	end
+
+	def load(master_password, key_name, field_name=nil) 
+  		@keychain.unlock(master_password)
+  		key = @keychain.get(key_name)
+  		return unless key
+  		puts field_name ? key.find(field_name) : key.fields
+	end
+end

data/lib/1pass/version.rb

@@ -0,0 +1,3 @@
+module OnePass
+  VERSION = "0.1.0"
+end

data/lib/content.rb

@@ -0,0 +1,19 @@
+class Content
+	attr_reader :items
+
+	def initialize(data)
+		@items = data.map {|item| ContentItem.new item}
+	end
+
+	def find(name)
+		@items.select {|i| i.name == name}.first
+	end
+end
+
+class ContentItem
+	attr_reader :uuid, :name, :type
+
+	def initialize(item)
+		@uuid, @type, @name, @url, @timestamp, @folder, @strength, @trashed = item
+	end
+end

data/lib/decrypt.rb

@@ -0,0 +1,53 @@
+require 'openssl'
+
+class Decrypt
+	def self.base64_decode(base64_encoded_string)
+		decoded_data = base64_encoded_string.unpack('m')[0]
+		salt = decoded_data[8..15]
+		data = decoded_data[16..decoded_data.length-1]
+		{salt: salt, data: data}
+	end
+
+	def self.aes_decrypt(data, key, iv)
+		decipher = OpenSSL::Cipher::AES.new(128, :CBC)
+		decipher.decrypt
+		decipher.key = key
+		decipher.iv = iv
+		begin
+			plain = decipher.update(data)
+			plain << decipher.final
+		rescue OpenSSL::Cipher::CipherError
+			nil
+		end
+	end	
+
+	def self.derive_pbkdf2(password, salt, iterations)
+		key_and_iv = OpenSSL::PKCS5.pbkdf2_hmac_sha1(password, salt, iterations, 32)
+		{key: key_and_iv[0,16], iv: key_and_iv[16..-1]}
+	end
+
+	def self.derive_openssl(key, content_salt)
+		key = key[0,1024]
+		key_and_iv = ""
+		prev = ""
+
+		while key_and_iv.length < 32 do
+		    prev = Digest::MD5.digest(prev + key + content_salt)
+		    key_and_iv << prev
+		end
+
+		{key: key_and_iv[0,16], iv: key_and_iv[16..-1]}
+	end
+
+	def self.decrypt_pbkdf2(master_password, data, iterations)
+		encrypted = base64_decode(data)
+		key_and_iv = derive_pbkdf2(master_password, encrypted[:salt], iterations)
+		aes_decrypt(encrypted[:data], key_and_iv[:key], key_and_iv[:iv])
+	end
+
+	def self.decrypt_ssl(master_key, validation)
+		encrypted = base64_decode(validation)
+		key_and_iv = derive_openssl(master_key, encrypted[:salt])
+		aes_decrypt(encrypted[:data], key_and_iv[:key], key_and_iv[:iv])
+	end	
+end

data/lib/encryption_key.rb

@@ -0,0 +1,32 @@
+require 'decrypt'
+
+class EncryptionKey	
+	attr_reader :items
+
+	def initialize(data)
+		@items = data['list'].map {|k| EncryptionKeyItem.new k}
+	end
+
+	def unlock(password)
+		@items.collect {|ek| ek.unlock password}.all?
+	end
+
+	def get(identifier)
+		@items.select {|ek| ek.identifier == identifier}.first
+	end
+end
+
+class EncryptionKeyItem
+	attr_reader :identifier, :decrypted_master_key
+
+	def initialize(hash_)
+		@identifier, @data, @validation, @iterations = hash_.values_at("identifier", "data", "validation", "iterations")
+	end
+
+	def unlock(password)
+		@decrypted_master_key = Decrypt.decrypt_pbkdf2(password, @data, @iterations)
+		return false unless @decrypted_master_key
+		validation_key = Decrypt.decrypt_ssl(@decrypted_master_key, @validation)
+		@decrypted_master_key == validation_key
+	end	
+end

data/lib/key.rb

@@ -0,0 +1,44 @@
+class Key
+	attr_reader :key_id, :encrypted
+
+	def types
+		{"webforms.WebForm" => WebForm, 
+		 "passwords.Password" => Password}
+	end
+
+	def initialize(hash_)
+		@key_id, @encrypted, @type_name = hash_.values_at("keyID", "encrypted", "typeName")
+	end
+
+	def decrypt(encryption_key)
+		decrypted_master_key = encryption_key.get(@key_id).decrypted_master_key
+		return unless decrypted_master_key
+		decrypted_content = JSON.parse Decrypt.decrypt_ssl(decrypted_master_key, @encrypted)
+		types[@type_name].new decrypted_content
+	end
+end
+
+class WebForm
+	attr_reader :fields
+
+	def initialize(hash_)
+		@notes_plain, @fields = hash_.values_at("notesPlain", "fields")
+	end
+
+	def find(name)
+		field = @fields.select {|f| f["name"] == name || f["designation"] == name}.first
+		field["value"]
+	end
+end
+
+class Password
+	attr_reader :fields
+
+	def find(name)
+		@fields[name]
+	end
+	
+	def initialize(hash_)
+		@fields = hash_
+	end
+end

data/lib/keychain.rb

@@ -0,0 +1,39 @@
+require 'json'
+require 'encryption_key'
+require 'key'
+require 'content'
+
+class Keychain
+	attr_reader :encryption_key, :content
+
+	def initialize(path)
+		@path = path
+		load_encryption_keys
+		load_contents
+	end
+
+	def unlock(password)
+		@unlocked = @encryption_key.unlock(password)
+	end	
+
+	def get(name)
+		item = @content.find(name)
+		return unless item
+		key = Key.new load_file(item.uuid + ".1password")
+		key.decrypt(@encryption_key)
+	end
+
+	private
+	def load_encryption_keys
+		@encryption_key = EncryptionKey.new load_file("encryptionKeys.js")
+	end
+
+	def load_contents
+		@content = Content.new load_file("contents.js")
+	end
+
+	def load_file(file_name)
+		file = File.join(@path, "data", "default", file_name)
+		JSON.parse(IO.read(file))
+	end	
+end

metadata

@@ -0,0 +1,93 @@
+--- !ruby/object:Gem::Specification
+name: 1pass
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Lokeshwaran
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-08-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Command line client for AgileBits 1Password
+email:
+- dlokesh@gmail.com
+executables:
+- 1pass
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/1pass.rb
+- lib/1pass/version.rb
+- lib/content.rb
+- lib/decrypt.rb
+- lib/encryption_key.rb
+- lib/key.rb
+- lib/keychain.rb
+- bin/1pass
+homepage: https://github.com/dlokesh/1pass
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -2624167293769510500
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -2624167293769510500
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.25
+signing_key: 
+specification_version: 3
+summary: 1pass-0.1.0
+test_files: []