passvault 0.1.2

data/.gitignore

@@ -0,0 +1,3 @@
+*.aux
+*.log
+*.synctex.gz

data/README.md

@@ -0,0 +1,65 @@
+# Passworld Vault
+
+## Manual
+
+Before launching the application, ensure the reader is plugged in. If a card is
+not inserted in the reader before launching the application, the application
+will ask you to insert your card.
+
+## System requirements
+
+* Ruby 1.9.x (with rubygems)
+* an internet connection to download the dependencies
+
+## Installation
+
+Simply unzip passvault.zip, open your system command-line interpreter, go to the
+unzipped directory and type: `gem install passvault-0.1.0.gem` (you might need
+`sudo` in front of that).
+
+## User Guide
+
+Our password vault comes with two different user interfaces. One is a command
+line interface and the other is graphical interface. Everyone can use the
+command line interface, but it is the only way to run administration commands.
+
+The user interfaces are provided with a timeout system that requires the
+user to re-type its password every five minutes. This mechanism allows to
+prevent a potential attacker to access the vault content if the user is away and
+forgets to close the application properly.
+
+Before launching one of the the application, ensure the reader is plugged in. If
+a card is not inserted in the reader before launching the application, the
+application will ask you to insert your card.
+
+### Command-line interface
+
+Command: `passvault`
+
+Available commands (copy of the inline help):
+
+    -- user commands --
+    list            : list the names of registered credentials
+    display <name>  : display a registered credential
+    clip <name>     : same as "display", but copies the password to the clipboard
+                      instead of displaying it
+    add <name>      : register a new credential'
+    remove <name>   : remove a registered credential'
+    edit <name>     : change a registered credential'
+    quit            : exit the program'
+    help            : display this help message'
+    -- administration commands --
+    reset           : reinitialize the vault'
+    erase           : erase the vault from the tag'
+
+### Graphical user interface
+
+Command: `passvault-gui`
+
+Note: the graphical user interface does not seem to work on Linux.
+
+Using our GUI is quite straightforward: when the interface is launched, the user
+is prompted to type its vault password. If its password is correct, the user
+access to the main part of the application, a window that shows the list of the
+entries name currently in the vault. The user simply has to double-click on an
+entry name to consult the associated password and login.

data/bin/passvault

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require_relative '../lib/console_ui'
+ConsoleUI.run

data/bin/passvault-gui

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require_relative '../lib/gui'
+VaultGUI::GUILauncher.new.main_loop

data/lib/bytes_manip.rb

@@ -0,0 +1,47 @@
+# Convenience methods to manipulate bytes.
+module BytesManipulation
+
+  # Converts a number to a little-endian array of n bytes.
+  def to_le_array(num, n)
+    out = Array.new(n)
+    out.each_index do |i|
+      out[i] = num % 256
+      num /= 256
+    end
+  end
+
+  # Converts a byte array to an array holding strings representing the numbers
+  # in base 16. For debugging purposes.
+  def to_hex_array(array)
+    array.flatten.map { |e| e.to_s(16) }
+  end
+
+  # Xors together two byte strings of the same length.
+  def bs_xor(bs1, bs2)
+    fail unless bs1.bytesize == bs2.bytesize
+    out = String.new(bs1)
+    (0 .. bs1.bytesize - 1).each do |i|
+      out.setbyte(i, bs1.getbyte(i) ^ bs2.getbyte(i))
+    end
+    out
+  end
+
+  # Rotate a byte string by n bytes to the right. n can be negative, and efault
+  # to 1.
+  def bs_rotate(bs, n=1)
+     bs.unpack('C*').rotate(n).pack('C*')
+  end
+
+  # DESFire-specific CRC algorithm taking a byte string as input and returning a
+  # byte string of length 2 as output.
+  def desfire_crc(data)
+    wCRC = 0x6363
+    data.each_byte do |byte|
+      byte = (byte ^ (wCRC & 0x00FF)) % 256
+      byte = (byte ^ (byte << 4)) % 256
+      wCRC = ((wCRC >> 8) ^ (byte << 8) ^ (byte << 3) ^ (byte >> 4)) % 65536
+    end
+    [wCRC & 0xFF, (wCRC >> 8) & 0xFF].pack("C*")
+  end
+
+end

data/lib/conn_cmds.rb

@@ -0,0 +1,337 @@
+require_relative 'bytes_manip'
+require_relative 'rights'
+
+class Connection
+  # This file contains functions wrapping card commands. Usually one function
+  # implements one card command. However, sometimes performing one "logical"
+  # command requires to send multiple card commands (e.g. <tt>authenticate()</tt>).
+
+  include BytesManipulation
+  include Rights
+
+  # Sets the given key settings (a +KeySettings+ object) for the currently
+  # selected application.
+  def change_key_settings(new_key_settings)
+    fail if
+      @key_settings and not @key_settings.can_change_key_settings?(@key_no)
+    data = encipher_data([new_key_settings.to_byte].pack('C*'))
+    response = send_card_cmd(CHANGE_KEY_SETTINGS, data.unpack('C*'))
+  end
+
+  # Retrieve and returns the key settings (as a +KeySettings+ object) for currently
+  # selected application. Sets <tt>@max_keys</tt> and <tt>@key_settings.</tt>
+  def get_key_settings
+    # We can't check for the permission to perform the operation since
+    # this would require knowing the key settings already.
+    response = send_card_cmd(GET_KEY_SETTINGS)[0]
+    @max_keys = response[1]
+    return @key_settings = KeySettings.from_byte(response[0])
+  end
+
+  # Returns the UID of the tag.
+  def get_uid
+    # GET_VERSION can always be performed without authentication.
+    # We don't care about the other information returned by GET_VERSION.
+    send_card_cmd(GET_VERSION)
+    send_card_cmd(SEND_MORE_DATA)
+    response = send_card_cmd(SEND_MORE_DATA)[0]
+    return response[1..8]
+  end
+
+  # Retrieve and return the file access rights (as a +FileAccess+ object) for the
+  # given file.
+  def get_file_rights(file_no)
+    response = send_card_cmd(GET_FILE_SETTINGS, [file_no])[0]
+    return Rights::FileAccess.from_a(response)
+  end
+
+  # Change key number +key_no+ to be +new_key+, the old key being +old_key+.
+  # After a successful change of the key used to reach the current
+  # authentication status, that authentication is invalidated: an authentication
+  # with the new key is necessary to subsequent operations.
+  def change_key(key_no, old_key, new_key)
+    fail if
+      @key_settings and not @key_settings.can_change_key?(@aid, key_no, @key_no)
+    if key_no == @key_no or @key_settings.change_key == Rights::FREE_ACCESS
+      data = encipher_data(new_key)
+    else
+      data = encipher_old_new_data(old_key, new_key)
+    end
+    send_card_cmd(CHANGE_KEY, [key_no, *data.unpack("C*")])[0]
+  end
+
+  # Returns an array containing all application IDs.
+  def get_app_ids
+    fail if @key_settings and not @key_settings.can_get0?(@aid, @key_no)
+    aids = []
+    begin
+      response, status = send_card_cmd(GET_APP_IDS)
+      response.each_slice(3) do |aid|
+        # note: on the DESFire, aid[1] and aid[2] should be 0
+        aids << aid[0] + 256 * aid[1] + 256*256 * aid[2]
+      end
+    end while (status == STATUS[:ADDITIONAL_FRAME])
+    return aids
+  end
+
+  # Create an application with given application ID, given number of keys and
+  # given key settings. The application should not already exist.
+  def create_app(aid, num_keys, key_settings)
+    fail if @key_settings and not @key_settings.can_create_app?(@aid, @key_no)
+    args = [*to_le_array(aid, 3), key_settings.to_byte, num_keys]
+    send_card_cmd(CREATE_APPLICATION, args)[0]
+  end
+
+  # Delete the given application from the tag. Beware that the memory lost will
+  # not be reusable before the tag is formatted. It is not advised to use this.
+  def delete_app(aid)
+    fail if @key_settings and not @key_settings.can_delete_app?(@aid, @key_no)
+    send_card_cmd(DELETE_APP, to_le_array(aid, 3))
+  end
+
+  # Returns an array containg all files IDs on the current application.
+  def get_file_ids
+    fail if @key_settings and not @key_settings.can_get?(@key_no)
+    send_card_cmd(GET_FILE_IDS)[0]
+  end
+
+  # Create a new file in the selected application with given access rights,
+  # size, and communication settings. The file should not already exists.
+  def create_file(file_no, rights, file_size)
+    fail if @key_settings and not @key_settings.can_edit_file?(@key_no)
+    args = [file_no, rights.com_set, *rights.to_a, *to_le_array(file_size, 3)]
+    send_card_cmd(CREATE_STD_DATA_FILE, args)[0]
+  end
+
+  # Delete the given file from the currently selected application from the
+  # tag. Beware that the memory lost will not be reusable before the tag is
+  # formatted. It is not advised to use this (overwrite the file instead).
+  def delete_file(file_no)
+    fail if @key_settings and not @key_settings.can_edit_file?(@key_no)
+    send_card_cmd(DELETE_FILE, [file_no])
+  end
+
+  # Read the entire file identified by file_no from the selected application.
+  def read_whole_file(file_no)
+    return read_file(file_no, 0, 0)
+  end
+
+  # Read the up to +length+ bytes in the given file (in the currently selected
+  # application), starting at the given offet. If +length+ is 0, the file read
+  # up to its end. A byte string is returned.
+  def read_file(file_no, offset, length)
+    args = [file_no, *to_le_array(offset, 3), *to_le_array(length, 3)]
+    response, status = send_card_cmd(READ_DATA, args)
+
+    data = response
+    while status == STATUS[:ADDITIONAL_FRAME]
+      response, status= send_card_cmd(SEND_MORE_DATA)
+      data += response
+    end
+    fail 'protocol_error' if length != 0 and data.length != length
+    handler = get_access_rights_read_handler(file_no)
+    return handler.call(length, data)
+  end
+
+  # Size of the first frame for the write operation.
+  WRITE_FFSIZ = 52
+
+  # Size of the subsequent frame for the write operation.
+  WRITE_SFSIZ = 59
+
+  # Write +length+ bytes of +data+ (a byte string) within the given file (in the
+  # currently selected application), starting at the given offset in the file.
+  #
+  # Pre: +data+ is a byte array 0 <= +length+ <= <tt>data.size</tt> <= 52+59
+  def write_file(file_no, offset, length, data)
+    handler = get_access_rights_write_handler(file_no)
+    # ! the line below may make data.length > length
+    data = handler.call(length, data.byteslice(0, length))
+
+    # The first frame contains at most WRITE_FFSIZ bytes.
+    block_size = [data.length, WRITE_FFSIZ].min
+    block = data.byteslice(0, block_size).unpack('C*')
+    args = [file_no, *to_le_array(offset, 3), *to_le_array(length, 3), *block]
+    send_card_cmd(WRITE_DATA, args)
+
+    # If there is more data to send, send subsequent frames.
+    remaining = data.length
+    while (remaining -= block.length) > 0
+      block_size = [remaining, WRITE_SFSIZ].min
+      block = data.byteslice(data.length - remaining, block_size).unpack('C*')
+      send_card_cmd(SEND_MORE_DATA, block)
+    end
+  end
+
+  # Erase all of the tag memory (except the tag master key).
+  def format
+    fail unless @aid === 0 && @key_no == 0
+    send_card_cmd(FORMAT_PICC)[0]
+  end
+
+  # Selects an application, and performs authentication and key settings
+  # retrieval for this application.
+  def select_app_auth(aid, key)
+    select_app(aid)
+    authenticate(0, key)
+    get_key_settings()
+  end
+
+  # Select the application with given application ID for future operations.
+  def select_app(aid)
+    @aid = aid
+    send_card_cmd(SELECT_APPLICATION, to_le_array(aid, 3))[0]
+  end
+
+  # Authenticate ourselves with key number `key_no`, which is provided in `key`,
+  # authenticate the tag and sets @sesskey. In case of success, @sesskey is set
+  # to the derived session key and is returned; @key_no and @key are set to the
+  # values of `key_no` and `key`. Any previous authentication is lost when
+  # running this function.
+  def authenticate(key_no, key)
+    # Below, after an underscore, t is for "tag", r is for "reader" (first
+    # letter) or for "rotated" (second letter) and c is for "ciphered".
+
+    # get tag nonce, decipher it, then rotate it
+    nonce_tc = send_card_cmd(GET_CIPHERED_NONCE, [key_no])[0].pack('C*')
+    nonce_t = decipher_receive(nonce_tc, key)
+    nonce_tr = bs_rotate(nonce_t, 1)
+
+    # pick a nonce
+    nonce_r = Random.new(Random.new_seed).bytes(8)
+
+    # obtain our proof of identity using our key
+    proof = decipher_send(nonce_r + nonce_tr, key)
+    response = send_card_cmd(SEND_MORE_DATA, proof.unpack('C*')) [0]
+    response = response.pack('C*')
+
+    # verify the tag proof of identity
+    proved = bs_rotate(decipher_receive(response, key), -1) == nonce_r
+
+    # derive and return the session key, or an exception if authentication failed
+    if proved
+      @key = key
+      @key_no = key_no
+      if key.byteslice(0, 8) != key.byteslice(8, 8)
+        return @sesskey = nonce_r.byteslice(0, 4) + nonce_t.byteslice(0, 4) +
+                   nonce_r.byteslice(4, 4) + nonce_t.byteslice(4, 4)
+      else
+        return @sesskey = nonce_r.byteslice(0, 4) + nonce_t.byteslice(0, 4) +
+                   nonce_r.byteslice(0, 4) + nonce_t.byteslice(0, 4)
+      end
+    else
+      @key = nil
+      @key_no = nil
+      @sesskey = nil
+      throw :authentication_failed, true
+    end
+  end
+
+  private ######################################################################
+
+  # "Enciphers" the given data for the DESFire tag (decipher in 3DES send mode,
+  # with CRC and padding).
+  def encipher_data(data)
+    pad_len = 8 - ((data.length + 2) % 8)
+    padded  = data +  desfire_crc(data) + Array.new(pad_len, 0).pack('C*')
+    return decipher_send(padded, @sesskey)
+  end
+
+  # "Enciphers" the given data, given the old value of the data for the DESFire
+  # tag (involves 3DES send mode, xoring, two CRCs and padding).
+  def encipher_old_new_data(old, new)
+    fail unless old.length == new.length
+    pad_len  = 8 - ((old.length + 4) % 8)
+    xored    = bs_xor(old, new)
+    with_crc = xored + desfire_crc(xored) + desfire_crc(new)
+    padded   = with_crc + Array.new(pad_len, 0).pack('C*')
+    return decipher_send(padded, @sesskey)
+  end
+
+  # Return a function that will extract readable file data from the transmitted
+  # file data, according the the file access permissions of the given file of
+  # the currently selected application.
+  def get_access_rights_read_handler(file_no)
+    rights = get_file_rights(file_no)
+    read_type = rights.read_type(@key_no)
+    fail 'access denied' unless read_type
+
+    case read_type
+    when Rights::CS_PLAIN
+      return ->(length, data) { data }
+    when Rights:: CS_PLAIN_MAC
+      fail 'MAC handling not implemented.'
+    when Rights::CS_CIPHERED
+      return ->(length, data) { decipher_data(length, data) }
+    end
+  end
+
+  # Decipher ciphered data received from the tag, also stripping the padding and
+  # the CRC at the end of the deciphered data. (functional)
+  def decipher_data(length, data)
+    fail unless data.length % 8 == 0
+    data = decipher_receive(data.pack('C*'), @sesskey)
+    if length == 0
+      data = strip_padding_whole_file(data)
+    else
+      data = strip_padding_partial_file(length + 2, data)
+    end
+    return remove_crc(data)
+  end
+
+  # Strip the padding at the end of deciphered file data received from the tag,
+  # when reading a whole file. (functional)
+  def strip_padding_whole_file(data)
+    i = data.rindex(WHOLE_FILE_PAD_MARKER)
+    return data if i == nil
+    pad_len = data.length - (i + 1)
+    if data.slice(i+1, pad_len) == Array.new(pad_len, 0).pack('C*')
+      return data.slice(0, i)
+    else
+      return data
+    end
+  end
+
+  # Strip the padding at the end of deciphered file data received from the tag,
+  # when reading a fixed chunk of a file. (functional)
+  def strip_padding_partial_file(length_with_crc, data)
+    pad_len = data.length - length_with_crc
+    if data.slice(length_with_crc, pad_len) == Array.new(pad_len, 0).pack('C*')
+      return data.slice(0, length_with_crc)
+    else
+      fail 'no padding when expected'
+    end
+  end
+
+  # Remove the CRC at the end of deciphered and "unpadded" file
+  # data. (functional)
+  def remove_crc(data)
+    len_with_crc = data.length
+    data.chomp!(desfire_crc(data[0..-3]))
+    throw Exception.new('Bad CRC.') if len_with_crc - 2 != data.length
+    return data
+  end
+
+  # Returns a function that will wrap readable file data in order to send it to
+  # the tag, according the the file access permissions of the given file of
+  # the currently selected application.
+  def get_access_rights_write_handler(file_no)
+    rights = get_file_rights(file_no)
+    write_type = rights.write_type(@key_no)
+    fail 'access denied' unless write_type
+
+    case write_type
+    when Rights::CS_PLAIN
+      return ->(length, data) { data }
+    when Rights::CS_PLAIN_MAC
+      fail 'MAC handling not implemented'
+    when Rights::CS_CIPHERED
+      return ->(length, data) {
+        data += desfire_crc(data)
+        data += Array.new(8 - ((length + 2) % 8), 0).pack('C*')
+        decipher_send(data, @sesskey)
+      }
+    end
+  end
+
+end