From e1872c5028937753e0ecbebcded8a312d5eb7ce4 Mon Sep 17 00:00:00 2001
From: dakkar <dakkar@thenautilus.net>
Date: Fri, 25 Mar 2011 23:54:14 +0000
Subject: very broken, can't decrypt

---
 bin/client                |  7 ++++---
 lib/DeWeave/Collection.pm | 30 ++++++++++++++++++++++++++++++
 lib/DeWeave/Crypto.pm     | 38 ++++++++++++++++++++++++++++++--------
 lib/DeWeave/EDO.pm        | 14 +++++++-------
 lib/DeWeave/Storage.pm    | 10 +++++++---
 lib/DeWeave/WBO.pm        | 34 ++++++++++++++++++++++++----------
 6 files changed, 102 insertions(+), 31 deletions(-)
 create mode 100644 lib/DeWeave/Collection.pm

diff --git a/bin/client b/bin/client
index 26eae71..8675f18 100644
--- a/bin/client
+++ b/bin/client
@@ -4,7 +4,7 @@ use warnings;
 use FindBin::libs;
 use DeWeave::Storage;
 use DeWeave::Crypto;
-use DeWeave::EDO;
+use DeWeave::Collection;
 use Getopt::Long;
 
 my ($server,$username,$password,$sync_key);
@@ -39,9 +39,10 @@ my $crypto = DeWeave::Crypto->new({
 });
 
 use Data::Dump 'pp';
+my $data = $storage->get_item('storage/tabs');
 
-my $foo = DeWeave::EDO->from_json(
-    $storage->get_item('storage/tabs'),
+my $foo = DeWeave::Collection->from_json(
+    $data,
     $crypto,
 );
 
diff --git a/lib/DeWeave/Collection.pm b/lib/DeWeave/Collection.pm
new file mode 100644
index 0000000..803a8cc
--- /dev/null
+++ b/lib/DeWeave/Collection.pm
@@ -0,0 +1,30 @@
+package DeWeave::Collection;
+use Moose;
+use namespace::autoclean;
+use MooseX::Types::Moose qw(ArrayRef Int Str Num);
+use JSON::Any;
+use DeWeave::EDO;
+
+has items => (
+    isa => ArrayRef['DeWeave::WBO'],
+    is => 'ro',
+    required => 1,
+);
+
+sub from_json {
+    my ($class,$json,$crypt)=@_;
+
+    my $j = JSON::Any->new;
+
+    my $args = $j->decode($json);
+    use Data::Dump 'pp';warn pp $args;
+
+    my @items = map {
+        DeWeave::EDO->new({%$_,__crypt=>$crypt})
+      } @$args;
+    return $class->new({
+        items => \@items,
+    });
+}
+
+1;
diff --git a/lib/DeWeave/Crypto.pm b/lib/DeWeave/Crypto.pm
index 618e095..e21e141 100644
--- a/lib/DeWeave/Crypto.pm
+++ b/lib/DeWeave/Crypto.pm
@@ -8,6 +8,8 @@ use Try::Tiny;
 use Digest::SHA ();
 use MIME::Base32 'RFC';
 use Crypt::CBC;
+use MIME::Base64 ();
+use Data::Dump 'pp';
 
 has storage => (
     isa => 'DeWeave::Storage',
@@ -25,8 +27,10 @@ sub _byte_sync_key {
     my ($self) = @_;
 
     my $key = $self->sync_key;
-    $key =~ y{89}{lo};
-    return MIME::Base32::decode($key);
+    $key =~ y{89}{LO};
+    $key =~ s{-}{}g;
+    $key = MIME::Base32::decode($key);
+    return substr($key,0,16);
 }
 
 has _hmac_input => (
@@ -46,6 +50,9 @@ sub _build__encryption_key {
 
     my $secret = $self->_hmac_input
         . $self->storage->username . "\x01";
+
+warn "enc key: ",pp($secret,$self->_byte_sync_key,length($self->_byte_sync_key));
+
     return Digest::SHA::hmac_sha256($secret, $self->_byte_sync_key);
 }
 
@@ -80,8 +87,21 @@ sub _build__keys {
 
     my $j = JSON::Any->new;
 
-    my $keys_payload = $self->storage->get_item('crypto/keys');
-    my $struct = $j->decode($keys_payload);
+    my $keys_raw = $self->storage->get_item('storage/crypto/keys');
+
+    my $keys_struct = $j->decode($keys_raw);
+
+    my $payload = $j->decode($keys_struct->{payload});
+
+warn "payload: ", pp $payload;
+warn "key: ",pp $self->_encryption_key, length($self->_encryption_key);
+
+    my $struct = $j->decode($self->decrypt({
+        %$payload,
+        key => $self->_encryption_key,
+    }));
+
+warn "keys: ",pp $struct;
 
     my $keys = {
         default => $struct->{default},
@@ -105,16 +125,18 @@ sub keys_for_collection {
 sub decrypt {
     my ($self,$args) = @_;
 
-    my $iv = $args->{IV};
+    my $iv = MIME::Base64::decode($args->{IV});
     my $hmac = $args->{hmac};
-    my $ct = $args->{ciphertext};
+    my $ct = MIME::Base64::decode($args->{ciphertext});
+    my $key = $args->{key} || $self->keys_for_collection('default');
+
+warn "Crypto ", pp($iv,$ct, length($ct), $key);
 
     my $cipher = Crypt::CBC->new(
-        -key => $self->_encryption_key,
+        -key => $key,
         -cipher => 'Crypt::OpenSSL::AES',
         -iv => $iv,
         -header => 'none',
-        -padding => 'null',
         -literal_key => 1,
     );
 
diff --git a/lib/DeWeave/EDO.pm b/lib/DeWeave/EDO.pm
index 30fdbf2..f7a605f 100644
--- a/lib/DeWeave/EDO.pm
+++ b/lib/DeWeave/EDO.pm
@@ -4,10 +4,11 @@ use namespace::autoclean;
 use MooseX::Types::Moose qw(Int Str Num);
 use JSON::Any;
 use Try::Tiny;
+use Data::Dump 'pp';
 
 extends 'DeWeave::WBO';
 
-has cyhpertext => (
+has ciphertext => (
     isa => Str,
     required => 1,
     is => 'ro',
@@ -31,17 +32,16 @@ around BUILDARGS => sub {
 
     my $args = $class->$orig(@_);
     return $args unless defined $args->{__crypt};
+    return $args unless exists $args->{ciphertext};
 
     my $decrypted_payload = $args->{__crypt}->decrypt($args);
 
     if (defined $decrypted_payload) {
-        try {
-            my $j = JSON::Any->new;
-            my $extra_args = $j->decode($decrypted_payload);
+        my $j = JSON::Any->new;
+        my $extra_args = $j->decode($decrypted_payload);
 
-            @$args{keys %$extra_args} =
-                values %$extra_args;
-        };
+        @$args{keys %$extra_args} =
+            values %$extra_args;
     }
     return $args;
 };
diff --git a/lib/DeWeave/Storage.pm b/lib/DeWeave/Storage.pm
index 0786b7c..d8e62c9 100644
--- a/lib/DeWeave/Storage.pm
+++ b/lib/DeWeave/Storage.pm
@@ -1,4 +1,4 @@
-package DeWeave::Crypto;
+package DeWeave::Storage;
 use Moose;
 use namespace::autoclean;
 use MooseX::Types::Moose qw(Str);
@@ -34,9 +34,12 @@ has _useragent => (
 sub _build__useragent {
     my ($self) = @_;
 
-    my $ua = LWP::UserAgent->new();
+    my $ua = LWP::UserAgent->new(
+        ssl_opts => { SSL_verify_mode => 0 },
+    );
     $ua->env_proxy;
     $ua->credentials($self->server_uri->host_port,
+                     'Weave',
                      $self->username,
                      $self->password);
     $ua->protocols_allowed(['https']);
@@ -47,10 +50,11 @@ sub _build__useragent {
 sub get_item {
     my ($self,$path) = @_;
 
-    my $relative = sprintf '1.0/%s/storage/%s',
+    my $relative = sprintf '1.0/%s/%s',
         $self->username,$path;
     my $uri = URI->new_abs($relative,$self->server_uri);
     $uri->query_param(full => 1);
+warn $uri;
     my $response = $self->_useragent->get($uri);
 
     if ($response->is_success) {
diff --git a/lib/DeWeave/WBO.pm b/lib/DeWeave/WBO.pm
index 3f551dd..bdfb027 100644
--- a/lib/DeWeave/WBO.pm
+++ b/lib/DeWeave/WBO.pm
@@ -4,6 +4,7 @@ use namespace::autoclean;
 use MooseX::Types::Moose qw(Int Str Num);
 use JSON::Any;
 use Try::Tiny;
+use Data::Dump 'pp';
 
 has id => (
     isa => Str,
@@ -19,7 +20,7 @@ has modified => (
 
 has sortindex => (
     isa => Num,
-    required => 1,
+    required => 0,
     is => 'ro',
 );
 
@@ -41,17 +42,30 @@ sub from_json {
     my $j = JSON::Any->new;
 
     my $args = $j->decode($json);
-    if (exists $args->{payload}) {
-        try {
-            my $extra_args = $j->decode($args->{payload});
-
-            @$args{keys %$extra_args} =
-                values %$extra_args;
-            $args->{__crypt}=$crypt;
-        };
+    use Data::Dump 'pp';warn pp $args;
+    if (defined $args->{payload}) {
+        $args->{__crypt}=$crypt;
     }
 
-    $class->new($args);
+    return $class->new($args);
 }
 
+around BUILDARGS => sub {
+    my $orig = shift;
+    my $class = shift;
+
+    my $args = $class->$orig(@_);
+
+    return $args unless defined $args->{payload};
+
+    my $j = JSON::Any->new;
+    my $extra_args = $j->decode($args->{payload});
+
+    @$args{keys %$extra_args} =
+        values %$extra_args;
+
+    return $args;
+};
+
+
 1;
-- 
cgit v1.2.3