Add files via upload

Parser/imp/t_party/doh.js

@@ -0,0 +1,134 @@
+// Copyright (c) 2012 Jake Willoughby
+// 
+// This file is part of DOH.
+// 
+// DOH is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// any later version.
+// 
+// DOH is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+// 
+// You should have received a copy of the GNU General Public License
+// along with DOH. See gpl3.txt. If not, see <http://www.gnu.org/licenses/>.
+
+// Requires 2.5.3-crypto-sha1-hmac-pbkdf2.js to be included first.
+// Requires js-yaml-0.3.7.min.js to be included first.
+
+var DOH = new function() {
+var lower = "abcdefghijklmnopqrstuvwxyz";
+var upper = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+var num = "0123456789";
+var special = " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
+
+var char_set = function(use,exclude) {
+ var use_vals = use.split(',').sort();
+ var even_split = Math.floor(64/use_vals.length);
+ var left = 64;
+ var pos = 0;
+ var final_set = "";
+ var size = 0;
+
+ for (var i=0; i<use_vals.length; i++) {
+ switch (use_vals[i]) {
+ case "c":
+ size = even_split;
+ if (size > upper.length) {
+ size = upper.length;
+ }
+ final_set += upper.substring(0,size);
+ left -= size;
+ break;
+ case "l":
+ size = even_split;
+ if (size > lower.length) {
+ size = lower.length;
+ }
+ final_set += lower.substring(0,size);
+ left -= size;
+ break;
+ case "n":
+ size = even_split;
+ if (size > num.length) {
+ size = num.length;
+ }
+ final_set += num.substring(0,size);
+ left -= size;
+ break;
+ case "x":
+ size = left;
+ if (size > special.length) {
+ size = special.length;
+ }
+ final_set += special.substring(0,size);
+ left -= size;
+ break;
+ default:
+ alert("Bad use string " + use);
+ }
+ }
+
+ var exclude_re = new RegExp ("[" + RegExp.escape(exclude) + "]", 'g');
+ final_set = final_set.replace(exclude_re,'');
+ while (final_set.length < 64) {
+ final_set += final_set;
+ }
+ return final_set;
+}
+
+this.trans_chars = function(str,from,to) {
+ var translate_re = new RegExp ("[" + from + "]", 'g');
+ return (str.replace(translate_re, function(match) {
+ return to.substr(from.indexOf(match),1); })
+ );
+}
+
+// Thanks to: http://simonwillison.net/2006/jan/20/escape/
+RegExp.escape = function(text) {
+ return text.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&");
+}
+
+var get_domain_reqs = function(domain) {
+ var rsp = {};
+ var ds = DOH_UI.domainSpecs;
+ if (!(domain in ds)) {
+ domain = "defaults";
+ }
+ var d = ds[domain];
+ rsp.use = d.use;
+ rsp.exclude = d.exclude;
+ rsp.length = d.max_length;
+ return rsp;
+}
+
+this.gen_password = function(opts) { //hashedMaster,salt,seq,domain) {
+ var hashedMaster = opts['hashedMaster'];
+ var salt = opts['salt'];
+ var seq = opts['seq'];
+ var domain = opts['domain'];
+ var hashFunction = opts['hashFunction'];
+ if (hashFunction == "sha1") {
+ hashFunction = Crypto.SHA1;
+ }
+ else if (hashFunction == "sha256") {
+ hashFunction = Crypto.SHA256;
+ }
+ else {
+ hashFunction = Crypto.SHA256;
+ }
+ var reqs = get_domain_reqs(domain);
+
+ // Convert character length into byte lengths
+ var len = Math.ceil(reqs.length*6/8); 
+ var foo = Crypto.PBKDF2(hashedMaster,seq + domain + salt,len, {iterations: 2000, 
+ asBytes: true,
+ hasher: hashFunction});
+ foo = Crypto.util.bytesToBase64(foo);
+ var set = char_set(reqs.use, reqs.exclude);
+ var result = DOH.trans_chars(foo,upper+lower+num+"+/", set);
+ return result;
+}
+};

Parser/imp/t_party/doh_ui.js

@@ -0,0 +1,131 @@
+// Copyright (c) 2012 Jake Willoughby
+// 
+// This file is part of DOH.
+// 
+// DOH is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// any later version.
+// 
+// DOH is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+// 
+// You should have received a copy of the GNU General Public License
+// along with DOH. See gpl3.txt. If not, see <http://www.gnu.org/licenses/>.
+
+
+// Requires jquery.
+
+var DOH_UI = new function() {
+ var master = "";
+ var masterHash = "";
+ var salt = "";
+ var host = "";
+ var seq = "";
+ this.domainSpecs = "";
+ var dohHashFunction = "sha256";
+ var selectedHasher = DOH.gen_password;
+ var selectedHasherString = "DOHsha256";
+ var selectedHasherIsSecure = true;
+
+ this.init = function(domain_info) {
+ if (domain_info) {
+ this.domainSpecs = domain_info;
+ }
+ else {
+ $.getJSON('domain_specs.json', function (data) {
+ DOH_UI.domainSpecs = data;
+ });
+ }
+ };
+
+ var hostSource = function() {
+ };
+
+ var getHost = function() {
+ return host;
+ };
+
+ this.getSalt = function() {
+ return salt;
+ };
+
+ this.isSetMaster = function() {
+ if (masterHash != "") {
+ return true;
+ }
+ return false;
+ };
+
+ this.getPassword = function() {
+ var host = getHost();
+ var opts = {'domain': host, 
+ 'salt': DOH_UI.getSalt(),
+ 'hashedMaster': masterHash,
+ 'seq': DOH_UI.getSequence(), 
+ 'hashFunction': dohHashFunction};
+ if (!selectedHasherIsSecure) {
+ opts['password'] = master;
+ }
+ if (host) {
+ return selectedHasher(opts);
+ }
+ return "Invalid domain string.";
+ };
+ this.setMaster = function(password) {
+ if (password == "") {
+ return;
+ }
+ if (!selectedHasherIsSecure) {
+ master = password;
+ }
+ masterHash = Crypto.util.bytesToBase64(Crypto.SHA256(DOH_UI.getSalt() + password, {asBytes: true}));
+ };
+
+ this.setSequence = function(sequenceString) {
+ seq = sequenceString;
+ }
+ this.getSequence = function() {
+ return seq;
+ }
+
+ this.setHasher = function(hasherString) {
+ var h = hasherString;
+ selectedHasherString = h;
+ selectedHasherIsSecure = true;
+ if (h == "DOHsha1") {
+ selectedHasher = DOH.gen_password;
+ dohHashFunction = "sha1";
+ }
+ else if (h == "DOHsha256") {
+ selectedHasher = DOH.gen_password;
+ dohHashFunction = "sha256";
+ }
+ else if (h == "INSECUREmd5hash") {
+ selectedHasher = INSECURE.md5hash;
+ selectedHasherIsSecure = false;
+ }
+ else if (h == "INSECUREangel") {
+ selectedHasher = INSECURE.angel;
+ selectedHasherIsSecure = false;
+ }
+ };
+ this.getHasher = function() {
+ return selectedHasherString;
+ };
+
+ this.setSalt = function(s) {
+ salt = s;
+ };
+ this.setHost = function(h) {
+ var match = h.match(/([-A-Za-z0-9]+\.)*([-A-Za-z0-9]*\.[-A-Za-z0-9]+)/);
+ if (match && 2 in match) {
+ host = match[2];
+ }
+ else {
+ host = null;
+ }
+ };
+};

Parser/imp/t_party/insecure.js

@@ -0,0 +1,102 @@
+// Copyright (c) 2012 Jake Willoughby
+// 
+// This file is part of DOH.
+// 
+// DOH is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// any later version.
+// 
+// DOH is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+// 
+// You should have received a copy of the GNU General Public License
+// along with DOH. See gpl3.txt. If not, see <http://www.gnu.org/licenses/>.
+
+var INSECURE = new function() {
+ this.angel = function(opts) {
+ //Algorithm used at http://angel.net/~nic/passwd.current.html 
+ return Crypto.util.bytesToBase64(Crypto.SHA1(opts['password'] + ":" + opts['domain'], {asBytes: true})).substring(0,8) + "1a";
+ };
+
+
+
+
+ this.md5hash = function(opts) {
+ //Original algorithm: (domain used as salt)
+ //#!/bin/bash
+ //salt=`echo -n $1 | base64 | md5sum | cut -c 1-8`
+ //salthash=`openssl passwd -1 -salt $salt`
+ //echo ${salthash:12}
+ // Openssl implementation from:
+ //http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/src/lib/libcrypt/crypt.c?rev=1.2
+ var salt = Crypto.MD5(btoa(opts['domain'] + opts['seq']) + '\n').substring(0,8);
+ var tmp = Crypto.MD5(opts['password'] + salt + opts['password'], {asBytes:true});
+ var str = opts['password'] + "$1$" + salt;
+ str = Crypto.charenc.Binary.stringToBytes(str);
+
+ var cnt;
+ for (cnt = opts['password'].length;cnt > 16; cnt = cnt - 16) {
+ str = str.concat(tmp);
+ }
+ str = str.concat(tmp.slice(0,cnt));
+
+
+ for(cnt = opts['password'].length;cnt > 0; cnt = cnt >> 1) {
+ if ((cnt & 1) != 0) {
+ str = str.concat([0]);
+ }
+ else {
+ str = str.concat(Crypto.charenc.Binary.stringToBytes(opts['password'].substring(0,1)));
+ }
+ }
+ var foo = Crypto.charenc.Binary.bytesToString(str);
+ var last = Crypto.MD5(str, {asBytes:true});
+
+ for (cnt=0;cnt<1000;cnt++) {
+ var next = [];
+ if ((cnt&1) != 0) {
+ next = next.concat(Crypto.charenc.Binary.stringToBytes(opts['password']));
+ }
+ else {
+ next = next.concat(last);
+ }
+ if (cnt % 3 != 0) {
+ next = next.concat(Crypto.charenc.Binary.stringToBytes(salt));
+ }
+ if (cnt % 7 != 0) {
+ next = next.concat(Crypto.charenc.Binary.stringToBytes(opts['password']));
+ }
+ if ((cnt&1) != 0) {
+ next = next.concat(last);
+ }
+ else {
+ next = next.concat(Crypto.charenc.Binary.stringToBytes(opts['password']));
+ }
+ last = Crypto.MD5(next, {asBytes:true});
+ }
+ // For some reason they reorder the bytes when converting to base64
+ var reorder = [
+ last[0], last[6], last[12],
+ last[1], last[7], last[13],
+ last[2], last[8], last[14],
+ last[3], last[9], last[15],
+ last[4], last[10], last[5],
+ 0,0,last[11] ];
+
+ // They use a different base64
+ var tmp2 = Crypto.util.bytesToBase64(reorder);
+ var tmp3 = DOH.trans_chars(Crypto.util.bytesToBase64(reorder),"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/","./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
+ var tmp4 = "";
+ for (cnt=0;cnt<tmp3.length;cnt = cnt + 4) {
+ tmp4 += tmp3.substring(cnt+3,cnt+4);
+ tmp4 += tmp3.substring(cnt+2,cnt+3);
+ tmp4 += tmp3.substring(cnt+1,cnt+2);
+ tmp4 += tmp3.substring(cnt,cnt+1);
+ }
+ return tmp4.substring(0,tmp4.length-2);
+// return salt;
+ };
+};