From 08d84f5f9083ae4c4656d1ab9731d8666cbc4fd5 Mon Sep 17 00:00:00 2001 From: Gabriele Gristina Date: Sat, 12 Jul 2025 14:21:18 +0200 Subject: [PATCH 01/10] Unit tests: Updated install_modules.sh to use cpanm instead of cpan --- docs/changes.txt | 1 + tools/install_modules.sh | 119 ++++++++++++++++++++------------------- 2 files changed, 61 insertions(+), 59 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index 2ac7dd4b2..1d0a36753 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -165,6 +165,7 @@ - Unit tests: Updated install_modules.sh with Crypt::Argon2 - Unit tests: Updated install_modules.sh with Crypt::Passwd::XS, to test suite works also on Apple (ex: 1800) - Unit tests: Updated install_modules.sh to use an external module for Digest::BLAKE2, due to maintenance being discontinued +- Unit tests: Updated install_modules.sh to use cpanm instead of cpan - User Options: Added error message when mixing --username and --show to warn users of exponential delay - MetaMask: update extraction tool to support MetaMask Mobile wallets - SecureCRT MasterPassphrase v2: update module, pure kernels and test unit. Add optimized kernels. diff --git a/tools/install_modules.sh b/tools/install_modules.sh index 91b2185cf..6f8963f9b 100755 --- a/tools/install_modules.sh +++ b/tools/install_modules.sh @@ -10,65 +10,66 @@ # Sum of all exit codes ERRORS=0 -cpan install Authen::Passphrase::LANManager \ - Authen::Passphrase::MySQL323 \ - Authen::Passphrase::NTHash \ - Authen::Passphrase::PHPass \ - Bitcoin::Crypto \ - Bitcoin::Crypto::Base58 \ - Compress::Zlib \ - Convert::EBCDIC \ - Crypt::Argon2 \ - Crypt::AuthEnc::GCM \ - Crypt::Camellia \ - Crypt::CBC \ - Crypt::Cipher::Serpent \ - Crypt::DES \ - Crypt::DES_EDE3 \ - Crypt::Digest::BLAKE2s_256 \ - Crypt::Digest::RIPEMD160 \ - Crypt::Digest::Whirlpool \ - Crypt::ECB \ - Crypt::Eksblowfish::Bcrypt \ - Crypt::GCrypt \ - Crypt::Mode::CBC \ - Crypt::Mode::ECB \ - Crypt::MySQL \ - Crypt::OpenSSH::ChachaPoly \ - Crypt::OpenSSL::EC \ - Crypt::OpenSSL::Bignum::CTX \ - Crypt::Passwd::XS \ - Crypt::PBKDF2 \ - Crypt::RC4 \ - Crypt::Rijndael \ - Crypt::ScryptKDF \ - Crypt::Skip32 \ - Crypt::Twofish \ - Crypt::UnixCrypt_XS \ - Data::Types \ - Digest::CMAC \ - Digest::CRC \ - Digest::GOST \ - Digest::HMAC \ - Digest::HMAC_MD5 \ - Digest::Keccak \ - Digest::MD4 \ - Digest::MD5 \ - Digest::MurmurHash3 \ - Digest::Perl::MD5 \ - Digest::SHA \ - Digest::SHA1 \ - Digest::SHA3 \ - Digest::SipHash \ - Encode \ - JSON \ - Math::BigInt \ - MIME::Base64 \ - Net::DNS::RR::NSEC3 \ - Net::DNS::SEC \ - POSIX \ - Text::Iconv \ - ; +cpanm Authen::Passphrase::LANManager \ + Authen::Passphrase::MySQL323 \ + Authen::Passphrase::NTHash \ + Authen::Passphrase::PHPass \ + Bitcoin::Crypto \ + Bitcoin::Crypto::Base58 \ + Compress::Zlib \ + Convert::EBCDIC \ + Crypt::Argon2 \ + Crypt::AuthEnc::GCM \ + Crypt::Camellia \ + Crypt::CBC \ + Crypt::Cipher::Serpent \ + Crypt::DES \ + Crypt::DES_EDE3 \ + Crypt::Digest::BLAKE2s_256 \ + Crypt::Digest::RIPEMD160 \ + Crypt::Digest::Whirlpool \ + Crypt::ECB \ + Crypt::Eksblowfish::Bcrypt \ + Crypt::GCrypt \ + Crypt::Mode::CBC \ + Crypt::Mode::ECB \ + Crypt::MySQL \ + Crypt::OpenSSH::ChachaPoly \ + Crypt::OpenSSL::EC \ + Crypt::OpenSSL::Bignum::CTX \ + Crypt::Passwd::XS \ + Crypt::PBKDF2 \ + Crypt::RC4 \ + Crypt::Rijndael \ + Crypt::ScryptKDF \ + Crypt::Skip32 \ + Crypt::Twofish \ + Crypt::UnixCrypt_XS \ + Data::Types \ + Digest::CMAC \ + Digest::CRC \ + Digest::GOST \ + Digest::HMAC \ + Digest::HMAC_MD5 \ + Digest::Keccak \ + Digest::MD4 \ + Digest::MD5 \ + Digest::MurmurHash3 \ + Digest::Perl::MD5 \ + Digest::SHA \ + Digest::SHA1 \ + Digest::SHA3 \ + Digest::SipHash \ + Encode \ + JSON \ + Math::BigInt \ + MIME::Base64 \ + Module::Build \ + Net::DNS::RR::NSEC3 \ + Net::DNS::SEC \ + POSIX \ + Text::Iconv \ + ; ERRORS=$((ERRORS+$?)) From bfa5b3e610a509dcb3b8a560842b19c279064f9f Mon Sep 17 00:00:00 2001 From: Gabriele Gristina Date: Sat, 12 Jul 2025 14:57:40 +0200 Subject: [PATCH 02/10] Unit tests: Updated install_modules.sh to use an external package for pygost, due to not available anymore --- docs/changes.txt | 1 + tools/install_modules.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/changes.txt b/docs/changes.txt index 1d0a36753..5a3e15db0 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -165,6 +165,7 @@ - Unit tests: Updated install_modules.sh with Crypt::Argon2 - Unit tests: Updated install_modules.sh with Crypt::Passwd::XS, to test suite works also on Apple (ex: 1800) - Unit tests: Updated install_modules.sh to use an external module for Digest::BLAKE2, due to maintenance being discontinued +- Unit tests: Updated install_modules.sh to use an external package for pygost, due to not available anymore - Unit tests: Updated install_modules.sh to use cpanm instead of cpan - User Options: Added error message when mixing --username and --show to warn users of exponential delay - MetaMask: update extraction tool to support MetaMask Mobile wallets diff --git a/tools/install_modules.sh b/tools/install_modules.sh index 6f8963f9b..a65450cc2 100755 --- a/tools/install_modules.sh +++ b/tools/install_modules.sh @@ -77,7 +77,7 @@ cpanm https://github.com/matrix/p5-Digest-BLAKE2.git ERRORS=$((ERRORS+$?)) -pip3 install pygost +pip3 install git+https://github.com/matrix/pygost --break-system-packages ERRORS=$((ERRORS+$?)) From b5202e4be6faa7329fc074a6515ff739018243ad Mon Sep 17 00:00:00 2001 From: Gabriele Gristina Date: Sat, 12 Jul 2025 17:16:00 +0200 Subject: [PATCH 03/10] add pyenv usage to install python3 deps inside virtualenv --- tools/install_modules.sh | 52 ++++++++++++++++++++++++++++++++-------- 1 file changed, 42 insertions(+), 10 deletions(-) diff --git a/tools/install_modules.sh b/tools/install_modules.sh index a65450cc2..7ca3e3f9a 100755 --- a/tools/install_modules.sh +++ b/tools/install_modules.sh @@ -77,24 +77,56 @@ cpanm https://github.com/matrix/p5-Digest-BLAKE2.git ERRORS=$((ERRORS+$?)) -pip3 install git+https://github.com/matrix/pygost --break-system-packages +pyenv_enabled=0 -ERRORS=$((ERRORS+$?)) +# check for pyenv +which pyenv &>/dev/null +if [ $? -eq 0 ]; then -# pip3 uninstall -y pycryptoplus pycrypto pycryptodome + if [[ $(pyenv version-name) != "system" ]]; then + # active session detected + pyenv_enabled=1 + else + # enum last version available + latest=$(pyenv install --list | grep -E "^\s*3\.[0-9]+\.[0-9]$" | tail -n 1) -pip3 install pycryptoplus + # install the latest version or skip it if it is already present + pyenv install -s ${latest} -ERRORS=$((ERRORS+$?)) + # enable + pyenv local $latest + if [ $? -eq 0 ]; then + pyenv_enabled=1 + fi + fi +fi -# pip3 uninstall -y pycryptodome # latest versions do not require this work around anymore -pip3 install pycrypto +if [ ${pyenv_enabled} -eq 0 ]; then + echo "! something is wrong with pyenv. Please setup latest version manually and re-run this script. -ERRORS=$((ERRORS+$?)) + ((ERRORS++)) +else + echo "> Installing python3 deps ..." -pip3 install cryptography + pip3 install git+https://github.com/matrix/pygost -ERRORS=$((ERRORS+$?)) + ERRORS=$((ERRORS+$?)) + + # pip3 uninstall -y pycryptoplus pycrypto pycryptodome + + pip3 install pycryptoplus + + ERRORS=$((ERRORS+$?)) + + # pip3 uninstall -y pycryptodome # latest versions do not require this work around anymore + pip3 install pycrypto + + ERRORS=$((ERRORS+$?)) + + pip3 install cryptography + + ERRORS=$((ERRORS+$?)) +fi php --version > /dev/null 2> /dev/null From 63377a98908e1bbd115a925ca2f4b0d771ec7e23 Mon Sep 17 00:00:00 2001 From: Gabriele Gristina Date: Sat, 12 Jul 2025 19:18:37 +0200 Subject: [PATCH 04/10] Update tools/install_modules.sh: make pyenv works with Apple Intel, use pycryptodome instead of pycrypto, add missing Module::Build::Pluggable::XSUtil --- tools/install_modules.sh | 188 ++++++++++++++++++++++----------------- 1 file changed, 107 insertions(+), 81 deletions(-) diff --git a/tools/install_modules.sh b/tools/install_modules.sh index 7ca3e3f9a..385dbdb73 100755 --- a/tools/install_modules.sh +++ b/tools/install_modules.sh @@ -7,89 +7,119 @@ ## Test suite installation helper script +IS_APPLE=0 +IS_APPLE_SILICON=0 + +UNAME=$(uname -s) +if [ "${UNAME}" == "Darwin" ]; then + IS_APPLE=1 +fi + +if [ ${IS_APPLE} -eq 1 ]; then + if [ "$(sysctl -in hw.optional.arm64 2>/dev/null)" == "1" ]; then + IS_APPLE_SILICON=1 + fi +fi + # Sum of all exit codes ERRORS=0 -cpanm Authen::Passphrase::LANManager \ - Authen::Passphrase::MySQL323 \ - Authen::Passphrase::NTHash \ - Authen::Passphrase::PHPass \ - Bitcoin::Crypto \ - Bitcoin::Crypto::Base58 \ - Compress::Zlib \ - Convert::EBCDIC \ - Crypt::Argon2 \ - Crypt::AuthEnc::GCM \ - Crypt::Camellia \ - Crypt::CBC \ - Crypt::Cipher::Serpent \ - Crypt::DES \ - Crypt::DES_EDE3 \ - Crypt::Digest::BLAKE2s_256 \ - Crypt::Digest::RIPEMD160 \ - Crypt::Digest::Whirlpool \ - Crypt::ECB \ - Crypt::Eksblowfish::Bcrypt \ - Crypt::GCrypt \ - Crypt::Mode::CBC \ - Crypt::Mode::ECB \ - Crypt::MySQL \ - Crypt::OpenSSH::ChachaPoly \ - Crypt::OpenSSL::EC \ - Crypt::OpenSSL::Bignum::CTX \ - Crypt::Passwd::XS \ - Crypt::PBKDF2 \ - Crypt::RC4 \ - Crypt::Rijndael \ - Crypt::ScryptKDF \ - Crypt::Skip32 \ - Crypt::Twofish \ - Crypt::UnixCrypt_XS \ - Data::Types \ - Digest::CMAC \ - Digest::CRC \ - Digest::GOST \ - Digest::HMAC \ - Digest::HMAC_MD5 \ - Digest::Keccak \ - Digest::MD4 \ - Digest::MD5 \ - Digest::MurmurHash3 \ - Digest::Perl::MD5 \ - Digest::SHA \ - Digest::SHA1 \ - Digest::SHA3 \ - Digest::SipHash \ - Encode \ - JSON \ - Math::BigInt \ - MIME::Base64 \ - Module::Build \ - Net::DNS::RR::NSEC3 \ - Net::DNS::SEC \ - POSIX \ - Text::Iconv \ +cpanm Authen::Passphrase::LANManager \ + Authen::Passphrase::MySQL323 \ + Authen::Passphrase::NTHash \ + Authen::Passphrase::PHPass \ + Bitcoin::Crypto \ + Bitcoin::Crypto::Base58 \ + Compress::Zlib \ + Convert::EBCDIC \ + Crypt::Argon2 \ + Crypt::AuthEnc::GCM \ + Crypt::Camellia \ + Crypt::CBC \ + Crypt::Cipher::Serpent \ + Crypt::DES \ + Crypt::DES_EDE3 \ + Crypt::Digest::BLAKE2s_256 \ + Crypt::Digest::RIPEMD160 \ + Crypt::Digest::Whirlpool \ + Crypt::ECB \ + Crypt::Eksblowfish::Bcrypt \ + Crypt::GCrypt \ + Crypt::Mode::CBC \ + Crypt::Mode::ECB \ + Crypt::MySQL \ + Crypt::OpenSSH::ChachaPoly \ + Crypt::OpenSSL::EC \ + Crypt::OpenSSL::Bignum::CTX \ + Crypt::Passwd::XS \ + Crypt::PBKDF2 \ + Crypt::RC4 \ + Crypt::Rijndael \ + Crypt::ScryptKDF \ + Crypt::Skip32 \ + Crypt::Twofish \ + Crypt::UnixCrypt_XS \ + Data::Types \ + Digest::CMAC \ + Digest::CRC \ + Digest::GOST \ + Digest::HMAC \ + Digest::HMAC_MD5 \ + Digest::Keccak \ + Digest::MD4 \ + Digest::MD5 \ + Digest::MurmurHash3 \ + Digest::Perl::MD5 \ + Digest::SHA \ + Digest::SHA1 \ + Digest::SHA3 \ + Digest::SipHash \ + Encode \ + JSON \ + Math::BigInt \ + MIME::Base64 \ + Module::Build \ + Module::Build::Pluggable::XSUtil \ + Net::DNS::RR::NSEC3 \ + Net::DNS::SEC \ + POSIX \ + Text::Iconv \ ; ERRORS=$((ERRORS+$?)) -cpanm https://github.com/matrix/p5-Digest-BLAKE2.git +perl -MDigest::BLAKE2 -e1 &>/dev/null +if [ $? -ne 0 ]; then + cpanm https://github.com/matrix/p5-Digest-BLAKE2.git + ERRORS=$((ERRORS+$?)) +fi -ERRORS=$((ERRORS+$?)) +# checks for pyenv pyenv_enabled=0 -# check for pyenv which pyenv &>/dev/null if [ $? -eq 0 ]; then if [[ $(pyenv version-name) != "system" ]]; then + # active session detected pyenv_enabled=1 + else + # enum last version available latest=$(pyenv install --list | grep -E "^\s*3\.[0-9]+\.[0-9]$" | tail -n 1) + if [ $IS_APPLE -eq 1 ]; then + if [ $IS_APPLE_SILICON -eq 0 ]; then + # workaround but with pyenv and Apple Intel with brew binutils in path + remove_path="$(brew --prefix)/opt/binutils/bin" + PATH=$(echo "$PATH" | tr ':' '\n' | awk '$0 != "${remove_path}"' | xargs | sed 's/ /:/g') + export $PATH + fi + fi + # install the latest version or skip it if it is already present pyenv install -s ${latest} @@ -98,50 +128,46 @@ if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then pyenv_enabled=1 fi + fi fi if [ ${pyenv_enabled} -eq 0 ]; then - echo "! something is wrong with pyenv. Please setup latest version manually and re-run this script. - ((ERRORS++)) + echo "! something is wrong with pyenv. Please setup latest version manually and re-run this script." + (( ERRORS++ )) + else + echo "> Installing python3 deps ..." pip3 install git+https://github.com/matrix/pygost - ERRORS=$((ERRORS+$?)) - # pip3 uninstall -y pycryptoplus pycrypto pycryptodome - pip3 install pycryptoplus - ERRORS=$((ERRORS+$?)) - # pip3 uninstall -y pycryptodome # latest versions do not require this work around anymore - pip3 install pycrypto - + pip3 install pycryptodome ERRORS=$((ERRORS+$?)) pip3 install cryptography - ERRORS=$((ERRORS+$?)) + fi -php --version > /dev/null 2> /dev/null - -if [ "$?" -ne 0 ] -then - echo '[ ERROR ] php must be installed for some unit tests' +php --version &> /dev/null +if [ $? -ne 0 ]; then + echo "! php must be installed for some unit tests' ERRORS=$((ERRORS+1)) fi echo -if [ $ERRORS -eq 0 ]; then - echo '[ OK ] All commands were successful' - exit 0 -else + +if [ $ERRORS -gt 0 ]; then echo '[ FAIL ] Some commands were not successful' exit 1 fi + +echo '[ OK ] All commands were successful' +exit 0 From 638aaa902abfd74e1754f560e0515f90b0f3d3a7 Mon Sep 17 00:00:00 2001 From: Gabriele Gristina Date: Sat, 12 Jul 2025 19:28:29 +0200 Subject: [PATCH 05/10] Update tools/install_modules.sh: using bash instead of sh, fix unclosed double quote --- tools/install_modules.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/install_modules.sh b/tools/install_modules.sh index 385dbdb73..c26ebba4d 100755 --- a/tools/install_modules.sh +++ b/tools/install_modules.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env bash ## ## Author......: See docs/credits.txt @@ -157,7 +157,7 @@ fi php --version &> /dev/null if [ $? -ne 0 ]; then - echo "! php must be installed for some unit tests' + echo "! php must be installed for some unit tests" ERRORS=$((ERRORS+1)) fi @@ -165,9 +165,9 @@ fi echo if [ $ERRORS -gt 0 ]; then - echo '[ FAIL ] Some commands were not successful' + echo "[ FAIL ] Some commands were not successful" exit 1 fi -echo '[ OK ] All commands were successful' +echo "[ OK ] All commands were successful" exit 0 From e8686b3e3e7d5c47b8a425e666bc3bc80193471b Mon Sep 17 00:00:00 2001 From: Gabriele Gristina Date: Sat, 12 Jul 2025 19:32:09 +0200 Subject: [PATCH 06/10] Update tools/install_modules.sh: force install/update Digest::BLAKE2 --- tools/install_modules.sh | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tools/install_modules.sh b/tools/install_modules.sh index c26ebba4d..9b5253344 100755 --- a/tools/install_modules.sh +++ b/tools/install_modules.sh @@ -24,6 +24,8 @@ fi # Sum of all exit codes ERRORS=0 +echo "> Installing perl deps ..." + cpanm Authen::Passphrase::LANManager \ Authen::Passphrase::MySQL323 \ Authen::Passphrase::NTHash \ @@ -88,11 +90,8 @@ cpanm Authen::Passphrase::LANManager \ ERRORS=$((ERRORS+$?)) -perl -MDigest::BLAKE2 -e1 &>/dev/null -if [ $? -ne 0 ]; then - cpanm https://github.com/matrix/p5-Digest-BLAKE2.git - ERRORS=$((ERRORS+$?)) -fi +cpanm https://github.com/matrix/p5-Digest-BLAKE2.git +ERRORS=$((ERRORS+$?)) # checks for pyenv From 1cc8ed779eee1c7775d56ec35b28b85f33b23a90 Mon Sep 17 00:00:00 2001 From: Gabriele Gristina Date: Sat, 12 Jul 2025 20:00:43 +0200 Subject: [PATCH 07/10] get rid of Crypt::GCrypt --- tools/install_modules.sh | 3 ++- tools/test_modules/m18600.pm | 32 ++++++-------------------------- 2 files changed, 8 insertions(+), 27 deletions(-) diff --git a/tools/install_modules.sh b/tools/install_modules.sh index 9b5253344..1d6f583c3 100755 --- a/tools/install_modules.sh +++ b/tools/install_modules.sh @@ -36,6 +36,7 @@ cpanm Authen::Passphrase::LANManager \ Convert::EBCDIC \ Crypt::Argon2 \ Crypt::AuthEnc::GCM \ + Crypt::Blowfish \ Crypt::Camellia \ Crypt::CBC \ Crypt::Cipher::Serpent \ @@ -46,7 +47,6 @@ cpanm Authen::Passphrase::LANManager \ Crypt::Digest::Whirlpool \ Crypt::ECB \ Crypt::Eksblowfish::Bcrypt \ - Crypt::GCrypt \ Crypt::Mode::CBC \ Crypt::Mode::ECB \ Crypt::MySQL \ @@ -61,6 +61,7 @@ cpanm Authen::Passphrase::LANManager \ Crypt::Skip32 \ Crypt::Twofish \ Crypt::UnixCrypt_XS \ + CryptX \ Data::Types \ Digest::CMAC \ Digest::CRC \ diff --git a/tools/test_modules/m18600.pm b/tools/test_modules/m18600.pm index b974ce50a..fc2c44973 100644 --- a/tools/test_modules/m18600.pm +++ b/tools/test_modules/m18600.pm @@ -8,7 +8,8 @@ use strict; use warnings; -use Crypt::GCrypt; +use Crypt::Blowfish; +use Crypt::Mode::CFB; use Crypt::PBKDF2; use Digest::SHA qw (sha1 sha1_hex); @@ -36,20 +37,9 @@ sub module_generate_hash my $pass_hash = sha1 ($word); my $key = $kdf->PBKDF2 ($b_salt, $pass_hash); - my $cfb = Crypt::GCrypt->new - ( - type => 'cipher', - algorithm => 'blowfish', - mode => 'cfb' - ); + my $cfb = Crypt::Mode::CFB->new('Blowfish'); - $cfb->start ('encrypting'); - $cfb->setkey ($key); - $cfb->setiv ($b_iv); - - my $b_cipher = $cfb->encrypt ($b_plain); - - $cfb->finish (); + my $b_cipher = $cfb->encrypt($b_plain, $key, $b_iv); my $cipher = unpack ('H*', $b_cipher); my $checksum = sha1_hex ($b_plain); @@ -113,19 +103,9 @@ sub module_verify_hash my $pass_hash = sha1 ($word); my $key = $kdf->PBKDF2 ($b_salt, $pass_hash); - my $cfb = Crypt::GCrypt->new ( - type => 'cipher', - algorithm => 'blowfish', - mode => 'cfb' - ); + my $cfb = Crypt::Mode::CFB->new('Blowfish'); - $cfb->start ('decrypting'); - $cfb->setkey ($key); - $cfb->setiv ($b_iv); - - my $b_plain = $cfb->decrypt ($b_cipher); - - $cfb->finish (); + my $b_plain = $cfb->decrypt($b_cipher, $key, $b_iv); my $plain = unpack ('H*', $b_plain); From 7b46921ce79c8bc36b2e349fd0b660636adec977 Mon Sep 17 00:00:00 2001 From: Gabriele Gristina Date: Sat, 12 Jul 2025 20:10:27 +0200 Subject: [PATCH 08/10] add workaround for Net::SSLeay on Apple --- tools/install_modules.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tools/install_modules.sh b/tools/install_modules.sh index 1d6f583c3..2dd483327 100755 --- a/tools/install_modules.sh +++ b/tools/install_modules.sh @@ -26,6 +26,15 @@ ERRORS=0 echo "> Installing perl deps ..." +if [ ${IS_APPLE} -eq 1 ]; then + # workaround for test failed with Net::SSLeay on Apple + cpanm --notest Net::SSLeay +else + cpanm Net::SSLeay +fi + +ERRORS=$((ERRORS+$?)) + cpanm Authen::Passphrase::LANManager \ Authen::Passphrase::MySQL323 \ Authen::Passphrase::NTHash \ From 253268d11e363bf511184144110897f96490b939 Mon Sep 17 00:00:00 2001 From: Gabriele Gristina Date: Sat, 12 Jul 2025 20:22:15 +0200 Subject: [PATCH 09/10] get rid of php from unit tests --- tools/install_modules.sh | 7 -- tools/test_modules/m11900.pm | 132 +++++++++++------------------------ 2 files changed, 42 insertions(+), 97 deletions(-) diff --git a/tools/install_modules.sh b/tools/install_modules.sh index 2dd483327..2d68538f7 100755 --- a/tools/install_modules.sh +++ b/tools/install_modules.sh @@ -164,13 +164,6 @@ else fi -php --version &> /dev/null -if [ $? -ne 0 ]; then - echo "! php must be installed for some unit tests" - - ERRORS=$((ERRORS+1)) -fi - echo if [ $ERRORS -gt 0 ]; then diff --git a/tools/test_modules/m11900.pm b/tools/test_modules/m11900.pm index 4464c434e..2d621d184 100644 --- a/tools/test_modules/m11900.pm +++ b/tools/test_modules/m11900.pm @@ -10,9 +10,44 @@ use warnings; use Crypt::PBKDF2; use MIME::Base64 qw (encode_base64 decode_base64); +use Digest::HMAC qw(hmac); +use Digest::MD5 qw(md5); sub module_constraints { [[0, 256], [1, 15], [-1, -1], [-1, -1], [-1, -1]] } +sub pbkdf2_md5 +{ + my ($password, $salt, $iterations, $key_length) = @_; + $iterations ||= 1000; + $key_length ||= 32; + + my $hash_length = 16; # MD5 outputs 16 bytes + my $block_count = int( ($key_length + $hash_length - 1) / $hash_length ); + + my $output = ''; + + for my $i (1 .. $block_count) + { + # pack N = big endian 32-bit + my $block_index = pack('N', $i); + + # Initial U1 = HMAC(password, salt || block_index) + my $u = hmac($salt . $block_index, $password, \&md5); + + my $t = $u; + + for (my $j = 1; $j < $iterations; $j++) + { + $u = hmac($u, $password, \&md5); + $t ^= $u; + } + + $output .= $t; + } + + return substr($output, 0, $key_length); +} + sub module_generate_hash { my $word = shift; @@ -20,98 +55,15 @@ sub module_generate_hash my $iterations = shift // 1000; my $out_len = shift // 32; - # - # call PHP here - WTF - # + # Generate derived key (binary) + my $derived_key = pbkdf2_md5($word, $salt, $iterations, $out_len); - # sanitize $word_buf and $salt_buf: + # base64 encode salt and derived key + my $base64_salt = encode_base64($salt, ''); + my $base64_key = encode_base64($derived_key, ''); - my $word_buf_base64 = encode_base64 ($word, ""); - my $salt_buf_base64 = encode_base64 ($salt, ""); - - # sanitize lengths - - $out_len = int ($out_len); - - # output is in hex encoding, otherwise it could be screwed (but shouldn't) - - my $php_code = <<'END_CODE'; - - function pbkdf2 ($algorithm, $password, $salt, $count, $key_length, $raw_output = false) - { - $algorithm = strtolower ($algorithm); - - if (! in_array ($algorithm, hash_algos (), true)) - { - trigger_error ("PBKDF2 ERROR: Invalid hash algorithm.", E_USER_ERROR); - } - - if ($count <= 0 || $key_length <= 0) - { - trigger_error ("PBKDF2 ERROR: Invalid parameters.", E_USER_ERROR); - } - - if (function_exists ("hash_pbkdf2")) - { - if (!$raw_output) - { - $key_length = $key_length * 2; - } - - return hash_pbkdf2 ($algorithm, $password, $salt, $count, $key_length, $raw_output); - } - - $hash_length = strlen (hash ($algorithm, "", true)); - $block_count = ceil ($key_length / $hash_length); - - $output = ""; - - for ($i = 1; $i <= $block_count; $i++) - { - $last = $salt . pack ("N", $i); - - $last = $xorsum = hash_hmac ($algorithm, $last, $password, true); - - for ($j = 1; $j < $count; $j++) - { - $xorsum ^= ($last = hash_hmac ($algorithm, $last, $password, true)); - } - - $output .= $xorsum; - } - - if ($raw_output) - { - return substr ($output, 0, $key_length); - } - else - { - return bin2hex (substr ($output, 0, $key_length)); - } - } - - print pbkdf2 ("md5", base64_decode ("$word_buf_base64"), base64_decode ("$salt_buf_base64"), $iterations, $out_len, False); - -END_CODE - - # replace with these command line arguments - - $php_code =~ s/\$word_buf_base64/$word_buf_base64/; - $php_code =~ s/\$salt_buf_base64/$salt_buf_base64/; - $php_code =~ s/\$iterations/$iterations/; - $php_code =~ s/\$out_len/$out_len/; - - my $php_output = `php -r '$php_code'`; - - my $hash_buf = pack ("H*", $php_output); - - $hash_buf = encode_base64 ($hash_buf, ""); - - my $base64_salt_buf = encode_base64 ($salt, ""); - - my $hash = sprintf ("md5:%i:%s:%s", $iterations, $base64_salt_buf, $hash_buf); - - return $hash; + # Format output string + return sprintf("md5:%d:%s:%s", $iterations, $base64_salt, $base64_key); } sub module_verify_hash From 31f05d7a1cd7cdb1ce9eae016794f203bd8580d3 Mon Sep 17 00:00:00 2001 From: Gabriele Gristina Date: Sat, 12 Jul 2025 20:25:30 +0200 Subject: [PATCH 10/10] update changes.txt --- docs/changes.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changes.txt b/docs/changes.txt index 5a3e15db0..a12d42cf6 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -167,6 +167,7 @@ - Unit tests: Updated install_modules.sh to use an external module for Digest::BLAKE2, due to maintenance being discontinued - Unit tests: Updated install_modules.sh to use an external package for pygost, due to not available anymore - Unit tests: Updated install_modules.sh to use cpanm instead of cpan +- Unit tests: Updated install_modules.sh to remove php and Crypt::GCrypt (updated relative test modules) - User Options: Added error message when mixing --username and --show to warn users of exponential delay - MetaMask: update extraction tool to support MetaMask Mobile wallets - SecureCRT MasterPassphrase v2: update module, pure kernels and test unit. Add optimized kernels.