#! /usr/bin/env tclsh

# Yea, another password manager. "Password--" it's called, because it's entirely stateless.
# Just takes a master password, a protocol, and a site, and spits out a password.

#
# This file is part of the password--, version 2 distribution
# (https://gist.github.com/janicez/88a94def545f0447d63b2c5e1244d301).
# Copyright (c) 2016 Ellenor Malik, legal name "Jack Dennis Johnson". All rights reserved.
#
# This file is free software - you may distribute it under the M.I.T. license.
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.

package require Expect
package require base64
package require aes
package require sha256

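proc pad {origlen {mult 16}} {
    # Number of filler bytes needed to bring a payload of origlen bytes up to
    # the next multiple of mult. The result is always between 1 and mult:
    # an input that is already a multiple of mult still gets a full extra
    # block (pad 16 == 16, pad 0 == 16). Every password this tool has ever
    # derived depends on that quirk, so it must not be "corrected".
    #
    # The arithmetic is braced: an unbraced expr re-parses its substituted
    # arguments as an expression, so a non-numeric value would be evaluated
    # instead of rejected. For the integer lengths this proc receives the
    # result is identical to the unbraced form.
    set nextBlocks [expr {$origlen / $mult + 1}]
    return [expr {$nextBlocks * $mult - $origlen}]
}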

proc encrypt {site pass} {
    # Version-2 derivation, used by mkpw2 (the tp/tsp commands).
    #
    #   k1     = SHA-256(site ":" pass)         32-byte key, i.e. AES-256, ECB
    #   inner  = AES-ECB(k1, SHA-256(pass))     32 bytes
    #   result = encrypt-v1(site NUL-padded to a 16-byte multiple, inner)
    #
    # The site is padded here and padded again inside encrypt-v1. That is
    # redundant, but it is part of the fixed derivation and must stay.
    #
    # Risk notes: every key is a single unsalted SHA-256 with no iteration,
    # so one leaked derived password lets an attacker test master-password
    # guesses at raw hash speed; ECB encrypts equal blocks to equal blocks;
    # the "aaaaaaaaaaaaaaaa" argument only fills the IV slot of ::aes::Init,
    # which ECB does not use. Any change here alters every password this
    # tool has ever produced, so a stronger scheme would have to be added as
    # a new version beside v1 and v2, not as an edit to this proc.
    set keyInput [format "%s:%s" $site $pass]
    set outerKey [::sha2::sha256 -bin -- $keyInput]
    set ctx [::aes::Init ecb $outerKey "aaaaaaaaaaaaaaaa"]
    set filler [string repeat \0 [pad [string length $site]]]
    set paddedSite $site$filler
    set innerSecret [::aes::Encrypt $ctx [::sha2::sha256 -bin -- $pass]]
    ::aes::Final $ctx
    return [encrypt-v1 $paddedSite $innerSecret]
}

proc encrypt-v1 {site pass} {
    # Version-1 derivation, used by mkpw (the p/sp commands) and as the final
    # stage of the v2 derivation in encrypt.
    #
    #   key    = SHA-256(pass)                   32-byte key, i.e. AES-256, ECB
    #   result = AES-ECB(key, site NUL-padded to the next 16-byte multiple)
    #
    # The returned value is raw ciphertext; callers base64-encode it.
    #
    # Risk notes: the key is an unsalted, un-iterated SHA-256 of the master
    # password; in ECB mode identical 16-byte blocks of the site string give
    # identical ciphertext blocks, so long site strings with repeated blocks
    # leak structure; NUL padding carries no length, so "site" and "site"
    # followed by NULs derive the same password. The "aaaaaaaaaaaaaaaa"
    # argument occupies the IV slot of ::aes::Init, which ECB ignores. The
    # output is fixed by these choices, so none of them can change in place.
    set cipherKey [::sha2::sha256 -bin -- $pass]
    set ctx [::aes::Init ecb $cipherKey "aaaaaaaaaaaaaaaa"]
    set filler [string repeat \0 [pad [string length $site]]]
    set paddedSite $site$filler
    set cipherText [::aes::Encrypt $ctx $paddedSite]
    ::aes::Final $ctx
    return $cipherText
}

# Start-up banner. Flushed explicitly, as every other write in this file is,
# so the text is not held back in the channel buffer.
puts -nonewline stdout "Welcome to passwordmm.\n"
flush stdout

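proc exppw {questionString} {
    # Prompt for a secret with terminal echo turned off and return the line
    # read from stdin (without the newline). Returns "" at end of input.
    #
    # stty is Expect's command (package require Expect at the top of the
    # file); core Tcl has no stty. Echo is re-enabled on every path: the
    # original left the terminal in no-echo mode if gets raised an error,
    # which the user would notice only as a silent, invisible shell.
    #
    # The returned string is the master password. Tcl cannot scrub it from
    # memory once it has been a string value, so callers should keep it in
    # as few variables as possible.
    puts -nonewline stdout $questionString
    flush stdout
    stty -echo
    set out ""
    set failed [catch {gets stdin out} err]
    stty echo
    # Echo was off, so the user's Enter produced no visible line break.
    puts stdout ""
    if {$failed} {
        return -code error $err
    }
    return $out
}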

proc rdlin {questionString} {
    # Print a prompt (no newline) and return the next line from stdin.
    # Returns "" both for an empty line and at end of input (gets returns -1
    # and leaves the variable empty); callers that need to tell those apart
    # must check [eof stdin] themselves.
    puts -nonewline stdout $questionString
    flush stdout
    set line ""
    gets stdin line
    return $line
}

proc mkpw {pass site} {
    # Site password, old (v1) algorithm: encrypt-v1 ciphertext rendered as
    # URL-safe base64 with no line wrapping and no padding ('/' -> '-',
    # '+' -> '_', '=' dropped). A site of up to 15 characters pads to one
    # 16-byte block, giving a 22-character password.
    set rawBytes [encrypt-v1 $site $pass]
    set encoded [::base64::encode -maxlen 0 -wrapchar "" $rawBytes]
    return [string map {/ - + _ = {}} $encoded]
}

proc mkpw2 {pass site} {
    # Site password, new (v2) algorithm: encrypt ciphertext rendered exactly
    # like mkpw does (URL-safe base64, unwrapped, unpadded). Used by the
    # truncating tp/tsp commands, which may then cut the result to a length.
    set rawBytes [encrypt $site $pass]
    set encoded [::base64::encode -maxlen 0 -wrapchar "" $rawBytes]
    return [string map {/ - + _ = {}} $encoded]
}

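# Interactive command loop. `done` is never set to 1; the loop ends only via
# the quit commands or end of input, so `exit` is the real terminator.
set done 0

while {!$done} {
 set reqcmd [split [rdlin "pwmm> "] " "]
 # rdlin cannot distinguish an empty line from end of input (gets returns -1
 # and an empty string). Without this check a closed stdin -- Ctrl-D, or a
 # pipe that ran dry -- looped forever printing the help text below.
 if {[eof stdin] && [lindex $reqcmd 0] eq ""} {
  puts stdout ""
  puts stdout "Ja mata!"
  exit
 }
 switch -nocase -- [format ":%s" [lindex $reqcmd 0]] {
  ":p" - ":sp" - ":pass" - ":sitepass" {
   # Old (v1) algorithm via mkpw. Site string is site[:proto[:username]];
   # any further words are ignored.
   if {[llength $reqcmd] < 2} {
    puts stdout "Error: insufficient arguments."
    flush stdout
    puts stdout [format "usage: %s site ?proto? ?username? \[ignored...\]" [lindex $reqcmd 0]]
    flush stdout
    puts stdout "Asks password off command line with stty echo off."
    flush stdout
    puts stdout "Statelessly derives a fairly secure (but not excellent) password from a master password and site, protocol and username."
    flush stdout
    continue
   }
   switch -- [llength $reqcmd] {
    "2" {set site [lindex $reqcmd 1]}
    "3" {set site [lindex $reqcmd 1]; append site ":";append site [lindex $reqcmd 2]}
    "4" - default {set site [lindex $reqcmd 1]; append site ":";append site [lindex $reqcmd 2]; append site ":";append site [lindex $reqcmd 3]}
   }
   set pw [mkpw [exppw "master password?> "] $site]
   puts stdout [format "site password: %s" $pw]
   flush stdout
   # Best effort only: Tcl does not guarantee the previous string value is
   # scrubbed, and the master password was a temporary that cannot be
   # cleared from here at all.
   set pw ""
  }
  ":t" - ":tp" - ":tsp" - ":truncpass" - ":truncsitepass" {
   # New (v2) algorithm via mkpw2, optionally truncated to a maximum length.
   if {[llength $reqcmd] < 3} {
    puts stdout "Error: insufficient arguments."
    flush stdout
    puts stdout [format "usage: %s length site ?proto? ?username? \[ignored...\]" [lindex $reqcmd 0]]
    flush stdout
    puts stdout "Asks password off command line with stty echo off."
    flush stdout
    puts stdout "Statelessly derives a fairly secure (but not excellent) password from a master password and site, protocol and username."
    flush stdout
    continue
   }
   set maxlength [lindex $reqcmd 1]
   # Validate the length before prompting for the master password. The
   # original fed whatever was typed straight into expr, so a typo first
   # asked for the password and then killed the program with an uncaught
   # error. Accepted: a positive integer, or the "infinite" spellings below.
   set truncate 1
   switch -- $maxlength {
    i - in - inf - infi - infin - infini - infinit - infinity - infinite {set truncate 0}
    default {
     if {![string is integer -strict $maxlength] || $maxlength < 1} {
      puts stdout "Error: length must be a positive integer or 'inf'."
      flush stdout
      continue
     }
    }
   }
   # NOTE(review): the list indices below are shifted by one relative to the
   # ":p" branch. With three words (tp LEN SITE) the "3" case appends ":"
   # plus an empty field, so the v2 site string is "SITE:" rather than
   # "SITE"; with four words it is "SITE:PROTO:". Derived passwords depend on
   # this exact string, so correcting the indices would silently change every
   # password users have generated with these commands. It is kept as is and
   # documented; a fix would have to ship as a new, versioned command.
   switch -- [llength $reqcmd] {
    "2" {set site [lindex $reqcmd 2]}
    "3" {set site [lindex $reqcmd 2]; append site ":";append site [lindex $reqcmd 3]}
    "4" - default {set site [lindex $reqcmd 2]; append site ":";append site [lindex $reqcmd 3]; append site ":";append site [lindex $reqcmd 4]}
   }
   set pw [mkpw2 [exppw "master password?> "] $site]
   if {$truncate} {
    set pw [string range $pw 0 [expr {$maxlength - 1}]]
   }
   puts stdout [format "site password: %s" $pw]
   flush stdout
   # Best effort only, see the ":p" branch.
   set pw ""
  }
  :q - :qu - :qui - :quit {puts stdout "Ja mata!"; exit}
  default {
   puts stdout "The only command is “p”, “sp”, “pass”, or “sitepass”. “quit” or shortenings thereof exit. “tp”, “tsp”, “truncpass”, “truncsitepass” truncate."
   puts stdout "usage: p site ?proto? ?username?"
   puts stdout "Asks password off command line with stty echo off."
   puts stdout "Statelessly derives a fairly secure (but not excellent) password from a master password and site, protocol and username. Uses the old algorithm."
   puts stdout "usage: tp length site ?proto? ?username?"
   puts stdout "Asks password off command line with stty echo off."
   puts stdout "Statelessly derives a fairly secure (but not excellent) password from a master password and site, protocol and username. Supports maximum length (which can be 'inf' for no maximum) and uses the new algorithm."
   flush stdout
  }
 }
}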