Initial commit.

dchest · dchest · commit 03162f5cbd0a · 2013-12-21T20:24:28.000+01:00
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,26 @@
+Copyright (c) 2013 Coding Robots <info@codingrobots.com>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+   * Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+
+   * Redistributions in binary form must reproduce the above
+     copyright notice, this list of conditions and the following
+     disclaimer in the documentation and/or other materials
+     provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/README.md b/README.md
@@ -0,0 +1,35 @@
+# memoires-decrypt
+
+This cross-platform command-line program decrypts journals encrypted with
+[Mémoires 4.0][mem] and later.  The result of decryption is the original
+unencrypted journal (which is an SQLite database file).
+
+The program is freely available under the 2-clause BSD license as an
+anti-lock in initiative of [Coding Robots][cr], makers of Mémoires.
+We support open standards and data portability.
+
+
+## Installation
+
+To install the program from sources, first install [Go programming language][go].
+Then type the following command in Terminal:
+
+	go get github.com/coding-robots/memoires-decrypt
+
+This command will install `memoires-decrypt` into your $GOPATH/bin directory.
+
+
+## Usage
+
+	memoires-decrypt -p="password" -in="encrypted.memoire" out="decrypted.memoire"
+
+where:
+
+	-in: encrypted journal file
+	-out: decrypted SQLite file
+	-p: password
+
+
+[mem]: http://www.codingrobots.com/memoires/
+[cr]: http://www.codingrobots.com
+[go]: http://golang.org
diff --git a/main.go b/main.go
@@ -0,0 +1,164 @@
+// Copyright 2013 Coding Robots. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Command memoires-decrypt decrypts journals encrypted with Mémoires 4.0 and later.
+package main
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/subtle"
+	"errors"
+	"flag"
+	"io"
+	"log"
+	"os"
+
+	"code.google.com/p/go.crypto/scrypt"
+	"github.com/dchest/blake2b"
+)
+
+var (
+	fPassword = flag.String("p", "", "password")
+	fInFile   = flag.String("in", "", "encrypted journal file")
+	fOutFile  = flag.String("out", "", "decrypted SQLite file")
+)
+
+func main() {
+	flag.Parse()
+	log.SetFlags(0)
+	if *fPassword == "" || *fInFile == "" || *fOutFile == "" {
+		flag.Usage()
+		return
+	}
+	inf, err := os.Open(*fInFile)
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer inf.Close()
+	outf, err := os.Create(*fOutFile)
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer outf.Close()
+	err = Decrypt(inf, outf, []byte(*fPassword))
+	if err != nil {
+		os.Remove(*fOutFile)
+		log.Fatal(err)
+	}
+}
+
+var (
+	ErrWrongFormat        = errors.New("wrong file format")
+	ErrUnsupportedVersion = errors.New("unsupported version")
+	ErrWrongPassword      = errors.New("wrong password")
+	ErrCorrupted          = errors.New("file corrupted")
+)
+
+const headerSize = 8 /*id*/ + 1 /*ver*/ + 1 /*logN*/ + 1 /*logR*/ + 1 /*logP*/ + 32 /*salt*/ + 16 /*iv*/ + 32 /*hash*/ + 32 /*header MAC*/
+
+func Decrypt(r io.Reader, w io.Writer, password []byte) error {
+	// Read the whole input file into memory.
+	var buf bytes.Buffer
+	_, err := io.Copy(&buf, r)
+	if err != nil {
+		return err
+	}
+	input := buf.Bytes()
+	header := input[:headerSize]
+	content := input[headerSize : len(input)-32]
+
+	// Check ID string.
+	if string(header[:8]) != "MEM_encr" {
+		return ErrWrongFormat
+	}
+
+	// Check format version.
+	if header[8] != 1 {
+		return ErrUnsupportedVersion
+	}
+
+	// Read KDF parameters.
+	logN := header[9]
+	logR := header[10]
+	logP := header[11]
+	salt := header[12:44]
+
+	// Read IV for encryption.
+	iv := header[44:60]
+
+	// Check header hash.
+	curhash := blake2b.Sum256(header[:60])
+	if subtle.ConstantTimeCompare(curhash[:], header[60:92]) != 1 {
+		return ErrCorrupted
+	}
+
+	// Derive keys.
+	keys, err := deriveKeys(password, salt, logN, logR, logP)
+	if err != nil {
+		return err
+	}
+	mackey := keys[0:32]
+	enckey := keys[32:64]
+
+	// Check header MAC.
+	h := blake2b.NewMAC(32, mackey)
+	h.Write(header[:92])
+	if subtle.ConstantTimeCompare(h.Sum(nil), header[92:124]) != 1 {
+		return ErrWrongPassword
+	}
+
+	// Check content MAC.
+	h.Reset()
+	h.Write(input[:len(input)-32])
+	if subtle.ConstantTimeCompare(h.Sum(nil), input[len(input)-32:]) != 1 {
+		return ErrCorrupted
+	}
+
+	// Decrypt.
+	if len(content)%aes.BlockSize != 0 {
+		return ErrCorrupted
+	}
+	a, err := aes.NewCipher(enckey)
+	if err != nil {
+		panic(err.Error())
+	}
+	out := make([]byte, len(content))
+	dec := cipher.NewCBCDecrypter(a, iv)
+	dec.CryptBlocks(out, content)
+
+	// Strip padding.
+	n := out[len(out)-1]
+	if n > aes.BlockSize {
+		return ErrCorrupted
+	}
+	out = out[:len(out)-int(n)]
+
+	nw, err := w.Write(out)
+	if err != nil {
+		return err
+	}
+	if nw != len(out) {
+		return io.ErrShortWrite
+	}
+	return nil
+}
+
+func deriveKeys(password, salt []byte, logN, logR, logP uint8) ([]byte, error) {
+	if logN > 32 {
+		return nil, errors.New("logN is too large")
+	}
+	if logR > 6 {
+		return nil, errors.New("logR is too large")
+	}
+	if logP > 6 {
+		return nil, errors.New("logP is too large")
+	}
+	N := int(1 << uint(logN))
+	r := int(1 << uint(logR))
+	p := int(1 << uint(logP))
+	log.Print(N, r, p)
+	return scrypt.Key(password, salt, N, r, p, 64)
+}
