CryptoPassphrase  Diff

#include <string.h>

#include <unistd.h>

#import "ScryptPWGen.h"
#import "LegacyPasswordGenerator.h"

OF_APPLICATION_DELEGATE(ScryptPWGen)

static void
showHelp(OFStream *output, bool verbose)
{
	[output writeFormat: @"Usage: %@ [-hlr] site\n",

		{ 'l', @"length", 1, NULL, &lengthStr },
		{ 'r', @"repeat", 0, &_repeat, NULL },
		{ '\0', nil, 0, NULL, NULL }
	};
	OFOptionsParser *optionsParser =
	    [OFOptionsParser parserWithOptions: options];
	of_unichar_t option;
	OFString *site, *prompt;
	size_t length;
	char *passphrase;
	OFSHA256Hash *siteHash;
	OFString *site, *prompt;
	unsigned char *output;

	while ((option = [optionsParser nextOption]) != '\0') {
		switch (option) {
		case 'h':
			showHelp(of_stdout, true);

			[OFApplication terminate];

			[OFApplication terminateWithStatus: 1];
			break;
		}
	}

	if (lengthStr != nil) {
		@try {
			_length = (size_t)[lengthStr decimalValue];
			length = (size_t)[lengthStr decimalValue];

			if (_length < 3)
			if (length < 3)
				@throw [OFInvalidFormatException exception];
		} @catch (OFInvalidFormatException *e) {
			[of_stderr writeFormat:
			    @"%@: Invalid length: %@\n",
			    [OFApplication programName], lengthStr];

			[OFApplication terminateWithStatus: 1];
		}
	} else
		_length = 16;
	}

	if ([[optionsParser remainingArguments] count] != 1) {
		showHelp(of_stderr, false);

		[OFApplication terminateWithStatus: 1];
	}

	site = [[optionsParser remainingArguments] firstObject];
	siteHash = [OFSHA256Hash cryptoHash];
	[siteHash updateWithBuffer: [site UTF8String]
			    length: [site UTF8StringLength]];

	prompt = [OFString stringWithFormat: @"Passphrase for site \"%@\": ",
					     site];
	passphrase = getpass([prompt cStringWithEncoding:
	    [OFSystemInfo native8BitEncoding]]);

	output = [self allocMemoryWithSize: _length + 1];

	LegacyPasswordGenerator *generator =
	of_scrypt(8, 524288, 2, [siteHash digest],
	    [[siteHash class] digestSize], passphrase, strlen(passphrase),
	    output, _length);
	    [LegacyPasswordGenerator generator];
	generator.length = length;
	generator.site = [[optionsParser remainingArguments] firstObject];

	of_explicit_memset(passphrase, 0, strlen(passphrase));

	passphrase = getpass(
	    [prompt cStringWithEncoding: [OFSystemInfo native8BitEncoding]]);
	/*
	 * This has a bias, but is what scrypt-genpass does. This should be
	 * compatible to passwords generated by scrypt-genpass for now to allow
	 * an easy migration.
	 *
	@try {
		generator.passphrase = passphrase;

	 * This will be replaced with something better later on and the current
	 * code only available in legacy mode (which can be enabled using a
	 * flag).
	 */
	output[0] = "abcdefghijklmnopqrstuvwxyz"[output[0] % 26];
	output[1] = "0123456789"[output[1] % 10];
	output[2] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[output[2] % 26];

		[generator derivePassword];
	for (size_t i = 3; i < _length; i++)
		output[i] = "abcdefghijklmnopqrstuvwxyz"
		    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
		    "0123456789"[output[i] % (26 + 26 + 10)];

	output[_length] = '\n';

	[of_stdout writeBuffer: output
			length: _length + 1];

	of_explicit_memset(output, 0, _length + 1);
		@try {
			[of_stdout writeBuffer: generator.output
					length: generator.length];
			[of_stdout writeBuffer: "\n"
					length: 1];
		} @finally {
			of_explicit_memset(generator.output, 0,
			    generator.length);
		}
	} @finally {
		of_explicit_memset(passphrase, 0, strlen(passphrase));
	}

	[OFApplication terminate];
}
@end