#! /usr/bin/env tclsh # Yea, another password manager. "Password--" it's called, because it's entirely stateless. # Just takes a master password, a protocol, and a site, and spits out a password. # # This file is part of the password--, version 2 distribution # (https://gist.github.com/janicez/88a94def545f0447d63b2c5e1244d301). # Copyright (c) 2016 Ellenor Malik, legal name "Jack Dennis Johnson". All rights reserved. # # This file is free software - you may distribute it under the M.I.T. license. # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. 
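package require Expect
package require base64
package require aes
package require sha256

# SECURITY NOTES (review)
#   * The key derivation is a single unsalted SHA-256 of the master password,
#     with no work factor. Anyone who obtains one derived site password and
#     knows the site string can test master-password guesses offline at hash
#     speed, so every site password is only as strong as the master password.
#   * AES is used in ECB mode with NUL padding as a deterministic mixing step,
#     not as authenticated encryption.
#   * The derivation below is deliberately left bit-for-bit unchanged, quirks
#     included: any change to padding, key material or site-string
#     construction would change every password already derived by this tool.

# pad --
#   Number of padding bytes needed to bring origlen up to the next multiple of
#   mult. A length that is already a multiple of mult gets a full extra block
#   of mult bytes, never zero.
#
# Arguments:
#   origlen  current length, as reported by string length
#   mult     block size, defaults to 16 to match the AES block size
# Returns:
#   padding length, between 1 and mult inclusive
proc pad {origlen {mult 16}} {
    # Braced so the expression is parsed once and operands are never
    # re-substituted as Tcl code.
    return [expr {($origlen / $mult + 1) * $mult - $origlen}]
}

# encrypt --
#   Version 2 derivation. Builds an intermediate 32-byte secret by encrypting
#   SHA-256 of pass under the key SHA-256 of "site:pass", then feeds that
#   secret to encrypt-v1 as its password.
#
# Arguments:
#   site  site string, already joined with ":" by the caller
#   pass  master password
# Returns:
#   raw ciphertext bytes from encrypt-v1
proc encrypt {site pass} {
    # NOTE(review): ECB does not chain blocks, so the fixed "aaaa..." IV
    # argument should have no effect on the output - confirm against the
    # tcllib aes documentation.
    set inited [::aes::Init ecb [::sha2::sha256 -bin -- [join [list $site $pass] ":"]] "aaaaaaaaaaaaaaaa"]
    # The site is padded here and then padded again inside encrypt-v1. Its
    # length is already a multiple of 16 at that point, so a further block of
    # 16 NUL bytes is appended there. Kept for output compatibility.
    set padout [pad [string length $site]]
    append site [string repeat \0 $padout]
    set encd [::aes::Encrypt $inited [::sha2::sha256 -bin -- $pass]]
    ::aes::Final $inited
    return [encrypt-v1 $site $encd]
}

# encrypt-v1 --
#   Version 1 derivation: AES-ECB encryption of the NUL-padded site string
#   under the key SHA-256 of pass.
#
# Arguments:
#   site  site string
#   pass  master password, or the intermediate secret when called by encrypt
# Returns:
#   raw ciphertext bytes
proc encrypt-v1 {site pass} {
    set inited [::aes::Init ecb [::sha2::sha256 -bin -- $pass] "aaaaaaaaaaaaaaaa"]
    # NOTE(review): string length counts characters, not bytes. A site string
    # with non-ASCII characters may not be padded to a whole number of AES
    # blocks - TODO confirm how ::aes::Encrypt treats such input.
    set padout [pad [string length $site]]
    append site [string repeat \0 $padout]
    set encd [::aes::Encrypt $inited $site]
    ::aes::Final $inited
    return $encd
}

puts stdout "Welcome to passwordmm."
flush stdout

# exppw --
#   Prompt for a secret with terminal echo switched off.
#
# Arguments:
#   questionString  prompt text
# Returns:
#   the line read from stdin, empty at end of input
# Errors:
#   re-raises any error from the read, after echo has been switched back on
proc exppw {questionString} {
    puts -nonewline stdout $questionString
    flush stdout
    stty -echo
    # The read is wrapped in catch so that a failure cannot leave the user's
    # terminal with echo disabled.
    set failed [catch {gets stdin out} msg opts]
    stty echo
    puts stdout ""
    if {$failed} {
        return -options $opts $msg
    }
    return $out
}

# rdlin --
#   Prompt for and read one line from stdin with echo left on.
#
# Arguments:
#   questionString  prompt text
# Returns:
#   the line read, empty at end of input
proc rdlin {questionString} {
    puts -nonewline stdout $questionString
    flush stdout
    gets stdin out
    return $out
}

# mkpw --
#   Site password from the version 1 derivation, base64-encoded with
#   "/" mapped to "-", "+" mapped to "_" and "=" padding removed.
proc mkpw {pass site} {
    return [string map {/ - + _ = {}} [::base64::encode -maxlen 0 -wrapchar "" [encrypt-v1 $site $pass]]]
}

# mkpw2 --
#   Same encoding as mkpw, using the version 2 derivation.
proc mkpw2 {pass site} {
    return [string map {/ - + _ = {}} [::base64::encode -maxlen 0 -wrapchar "" [encrypt $site $pass]]]
}

# Interactive command loop. The input line is split on single spaces, so
# repeated spaces produce empty list elements that end up in the site string.
# That is preserved because the site string is part of the derivation input.
set done 0
while {!$done} {
    set line [rdlin "pwmm> "]
    # gets yields an empty string at end of input. Without this check a closed
    # or exhausted stdin made the loop print the help text forever.
    if {$line eq "" && [eof stdin]} {
        puts stdout ""
        exit
    }
    set reqcmd [split $line " "]
    switch -nocase -- [format ":%s" [lindex $reqcmd 0]] {
        ":p" - ":sp" - ":pass" - ":sitepass" {
            if {[llength $reqcmd] < 2} {
                puts stdout "Error: insufficient arguments."
                flush stdout
                puts stdout [format "usage: %s site ?proto? ?username? \[ignored...\]" [lindex $reqcmd 0]]
                flush stdout
                puts stdout "Asks password off command line with stty echo off."
                flush stdout
                puts stdout "Statelessly derives a fairly secure (but not excellent) password from a master password and site, protocol and username."
                flush stdout
                continue
            }
            # Site string is site, site:proto or site:proto:username.
            switch -- [llength $reqcmd] {
                "2" {set site [lindex $reqcmd 1]}
                "3" {set site [lindex $reqcmd 1]; append site ":"; append site [lindex $reqcmd 2]}
                "4" -
                default {set site [lindex $reqcmd 1]; append site ":"; append site [lindex $reqcmd 2]; append site ":"; append site [lindex $reqcmd 3]}
            }
            set master [exppw "master password?> "]
            # Do not derive from an empty master password that is only the
            # result of stdin having ended.
            if {$master eq "" && [eof stdin]} {
                puts stderr "Error: end of input while reading master password."
                exit 1
            }
            set pw [mkpw $master $site]
            # The derived password is written to the terminal and stays in its
            # scrollback. Clearing the variables below only drops the script's
            # references; Tcl gives no way to zeroize the underlying memory.
            puts stdout [format "site password: %s" $pw]
            flush stdout
            set pw ""
            set master ""
        }
        ":t" - ":tp" - ":tsp" - ":truncpass" - ":truncsitepass" {
            if {[llength $reqcmd] < 3} {
                puts stdout "Error: insufficient arguments."
                flush stdout
                puts stdout [format "usage: %s length site ?proto? ?username? \[ignored...\]" [lindex $reqcmd 0]]
                flush stdout
                puts stdout "Asks password off command line with stty echo off."
                flush stdout
                puts stdout "Statelessly derives a fairly secure (but not excellent) password from a master password and site, protocol and username."
                flush stdout
                continue
            }
            set maxlength [lindex $reqcmd 1]
            # Validate the length before asking for the master password. A
            # non-numeric length used to raise an uncaught expr error that
            # terminated the program after the password had been typed.
            set unlimited [expr {$maxlength in {i in inf infi infin infini infinit infinity infinite}}]
            if {!$unlimited && !([string is integer -strict $maxlength] && $maxlength >= 1)} {
                puts stdout "Error: length must be a positive integer or 'inf'."
                flush stdout
                continue
            }
            # NOTE(review): the arm counts below were not shifted for the extra
            # length argument. "tp 12 example.com" therefore derives from
            # "example.com:" with a trailing colon, and the "2" arm can never
            # run because fewer than 3 words is rejected above. Left as-is:
            # correcting it would change every password already derived with
            # this command.
            switch -- [llength $reqcmd] {
                "2" {set site [lindex $reqcmd 2]}
                "3" {set site [lindex $reqcmd 2]; append site ":"; append site [lindex $reqcmd 3]}
                "4" -
                default {set site [lindex $reqcmd 2]; append site ":"; append site [lindex $reqcmd 3]; append site ":"; append site [lindex $reqcmd 4]}
            }
            set master [exppw "master password?> "]
            if {$master eq "" && [eof stdin]} {
                puts stderr "Error: end of input while reading master password."
                exit 1
            }
            set pw [mkpw2 $master $site]
            # Each retained base64 character carries at most 6 bits, so a
            # short maximum length caps the strength of the site password.
            if {$unlimited} {
                puts stdout [format "site password: %s" $pw]
            } else {
                puts stdout [format "site password: %s" [string range $pw 0 [expr {$maxlength - 1}]]]
            }
            flush stdout
            set pw ""
            set master ""
        }
        :q - :qu - :qui - :quit {puts stdout "Ja mata!"; exit}
        default {
            puts stdout "The only command is “p”, “sp”, “pass”, or “sitepass”. “quit” or shortenings thereof exit. “tp”, “tsp”, “truncpass”, “truncsitepass” truncate."
            puts stdout "usage: p site ?proto? ?username?"
            puts stdout "Asks password off command line with stty echo off."
            puts stdout "Statelessly derives a fairly secure (but not excellent) password from a master password and site, protocol and username. Uses the old algorithm."
            puts stdout "usage: tp length site ?proto? ?username?"
            puts stdout "Asks password off command line with stty echo off."
            puts stdout "Statelessly derives a fairly secure (but not excellent) password from a master password and site, protocol and username. Supports maximum length (which can be 'inf' for no maximum) and uses the new algorithm."
            flush stdout
        }
    }
}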