CryptoPassphrase  Check-in [f13f84c5b9]

Overview
Comment:Add support for using a keyfile
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: f13f84c5b98e57ca35007dd7ec4c22cfac98ad65aef85cbf75079ec49611bbe3
User & Date: js 2017-11-26 15:01:01
Context
2017-11-26
19:19
iOS: A few code modernizations check-in: 6205c4feae user: js tags: trunk
15:01
Add support for using a keyfile check-in: f13f84c5b9 user: js tags: trunk
2017-10-21
20:07
iOS: Allow all orientations check-in: 1a36714841 user: js tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to LegacyPasswordGenerator.h.

22
23
24
25
26
27
28

29
30
31
32

#import "PasswordGenerator.h"

@interface LegacyPasswordGenerator: OFObject <PasswordGenerator>
{
	size_t _length;
	OFString *_site;

	const char *_passphrase;
	unsigned char *_output;
}
@end







>




22
23
24
25
26
27
28
29
30
31
32
33

#import "PasswordGenerator.h"

@interface LegacyPasswordGenerator: OFObject <PasswordGenerator>
{
	size_t _length;
	OFString *_site;
	OFData *_keyfile;
	const char *_passphrase;
	unsigned char *_output;
}
@end

Changes to LegacyPasswordGenerator.m.

19
20
21
22
23
24
25
26

27
28
29
30
31
32
33
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#import "LegacyPasswordGenerator.h"

@implementation LegacyPasswordGenerator
@synthesize site = _site, passphrase = _passphrase, output = _output;


+ (instancetype)generator
{
	return [[[self alloc] init] autorelease];
}

- init







|
>







19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#import "LegacyPasswordGenerator.h"

@implementation LegacyPasswordGenerator
@synthesize site = _site, keyfile = _keyfile, passphrase = _passphrase;
@synthesize output = _output;

+ (instancetype)generator
{
	return [[[self alloc] init] autorelease];
}

- init
51
52
53
54
55
56
57



58
59
60
61
62
63
64
65
66
67


















68
69
70





71
72
73
74
75
76
77
{
	return _length;
}

- (void)derivePassword
{
	OFSHA256Hash *siteHash = [OFSHA256Hash cryptoHash];



	[siteHash updateWithBuffer: [_site UTF8String]
			    length: [_site UTF8StringLength]];

	if (_output != NULL) {
		of_explicit_memset(_output, 0, _length);
		[self freeMemory: _output];
	}

	_output = [self allocMemoryWithSize: _length + 1];



















	of_scrypt(8, 524288, 2, [siteHash digest],
	    [[siteHash class] digestSize], _passphrase, strlen(_passphrase),
	    _output, _length);






	/*
	 * This has a bias, however, this is what scrypt-genpass does and the
	 * legacy mode wants to be compatible to scrypt-genpass.
	 */
	_output[0] = "abcdefghijklmnopqrstuvwxyz"[_output[0] % 26];
	_output[1] = "0123456789"[_output[1] % 10];







>
>
>










>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
>
>
>
>
>







52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
{
	return _length;
}

- (void)derivePassword
{
	OFSHA256Hash *siteHash = [OFSHA256Hash cryptoHash];
	size_t passphraseLength, combinedPassphraseLength;
	char *combinedPassphrase;

	[siteHash updateWithBuffer: [_site UTF8String]
			    length: [_site UTF8StringLength]];

	if (_output != NULL) {
		of_explicit_memset(_output, 0, _length);
		[self freeMemory: _output];
	}

	_output = [self allocMemoryWithSize: _length + 1];

	passphraseLength = combinedPassphraseLength = strlen(_passphrase);
	if (_keyfile != nil) {
		if (SIZE_MAX - combinedPassphraseLength < [_keyfile count])
			@throw [OFOutOfRangeException exception];

		combinedPassphraseLength += [_keyfile count];
	}

	if ((combinedPassphrase = malloc(combinedPassphraseLength)) == NULL)
		@throw [OFOutOfMemoryException
		    exceptionWithRequestedSize: combinedPassphraseLength];
	@try {
		memcpy(combinedPassphrase, _passphrase, passphraseLength);

		if (_keyfile != nil)
			memcpy(combinedPassphrase + passphraseLength,
			    [_keyfile items], [_keyfile count]);

		of_scrypt(8, 524288, 2, [siteHash digest],
		    [[siteHash class] digestSize], combinedPassphrase,
		    combinedPassphraseLength, _output, _length);
	} @finally {
		of_explicit_memset(combinedPassphrase, 0,
		    combinedPassphraseLength);
		free(combinedPassphrase);
	}

	/*
	 * This has a bias, however, this is what scrypt-genpass does and the
	 * legacy mode wants to be compatible to scrypt-genpass.
	 */
	_output[0] = "abcdefghijklmnopqrstuvwxyz"[_output[0] % 26];
	_output[1] = "0123456789"[_output[1] % 10];

Changes to NewPasswordGenerator.h.

22
23
24
25
26
27
28

29
30
31
32

#import "PasswordGenerator.h"

@interface NewPasswordGenerator: OFObject <PasswordGenerator>
{
	size_t _length;
	OFString *_site;

	const char *_passphrase;
	unsigned char *_output;
}
@end







>




22
23
24
25
26
27
28
29
30
31
32
33

#import "PasswordGenerator.h"

@interface NewPasswordGenerator: OFObject <PasswordGenerator>
{
	size_t _length;
	OFString *_site;
	OFData *_keyfile;
	const char *_passphrase;
	unsigned char *_output;
}
@end

Changes to NewPasswordGenerator.m.

19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45



46
47
48
49
50
51
52
53
54
55


















56
57
58





59
60
61
62
63
64
65
66
67
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#import "NewPasswordGenerator.h"

@implementation NewPasswordGenerator
@synthesize length = _length, site = _site, passphrase = _passphrase;
@synthesize output = _output;

+ (instancetype)generator
{
	return [[[self alloc] init] autorelease];
}

- init
{
	self = [super init];

	_length = 16;

	return self;
}

- (void)derivePassword
{
	OFSHA384Hash *siteHash = [OFSHA384Hash cryptoHash];



	[siteHash updateWithBuffer: [_site UTF8String]
			    length: [_site UTF8StringLength]];

	if (_output != NULL) {
		of_explicit_memset(_output, 0, _length);
		[self freeMemory: _output];
	}

	_output = [self allocMemoryWithSize: _length + 1];



















	of_scrypt(8, 524288, 2, [siteHash digest],
	    [[siteHash class] digestSize], _passphrase, strlen(_passphrase),
	    _output, _length);






	for (size_t i = 0; i < _length; i++)
		_output[i] =
		    "123456789"
		    "abcdefghijkmnopqrstuvwxyz"
		    "ABCDEFGHJKLMNPQRSTUVWXYZ"
		    "#$%-=?"[_output[i] & 0x3F];
}
@end







|
|


















>
>
>










>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
>
>
>
>
>









19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#import "NewPasswordGenerator.h"

@implementation NewPasswordGenerator
@synthesize length = _length, site = _site, keyfile = _keyfile;
@synthesize passphrase = _passphrase, output = _output;

+ (instancetype)generator
{
	return [[[self alloc] init] autorelease];
}

- init
{
	self = [super init];

	_length = 16;

	return self;
}

- (void)derivePassword
{
	OFSHA384Hash *siteHash = [OFSHA384Hash cryptoHash];
	size_t passphraseLength, combinedPassphraseLength;
	char *combinedPassphrase;

	[siteHash updateWithBuffer: [_site UTF8String]
			    length: [_site UTF8StringLength]];

	if (_output != NULL) {
		of_explicit_memset(_output, 0, _length);
		[self freeMemory: _output];
	}

	_output = [self allocMemoryWithSize: _length + 1];

	passphraseLength = combinedPassphraseLength = strlen(_passphrase);
	if (_keyfile != nil) {
		if (SIZE_MAX - combinedPassphraseLength < [_keyfile count])
			@throw [OFOutOfRangeException exception];

		combinedPassphraseLength += [_keyfile count];
	}

	if ((combinedPassphrase = malloc(combinedPassphraseLength)) == NULL)
		@throw [OFOutOfMemoryException
		    exceptionWithRequestedSize: combinedPassphraseLength];
	@try {
		memcpy(combinedPassphrase, _passphrase, passphraseLength);

		if (_keyfile != nil)
			memcpy(combinedPassphrase + passphraseLength,
			    [_keyfile items], [_keyfile count]);

		of_scrypt(8, 524288, 2, [siteHash digest],
		    [[siteHash class] digestSize], combinedPassphrase,
		    combinedPassphraseLength, _output, _length);
	} @finally {
		of_explicit_memset(combinedPassphrase, 0,
		    combinedPassphraseLength);
		free(combinedPassphrase);
	}

	for (size_t i = 0; i < _length; i++)
		_output[i] =
		    "123456789"
		    "abcdefghijkmnopqrstuvwxyz"
		    "ABCDEFGHJKLMNPQRSTUVWXYZ"
		    "#$%-=?"[_output[i] & 0x3F];
}
@end

Changes to PasswordGenerator.h.

19
20
21
22
23
24
25
26
27

28
29
30
31
32
33
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#import <ObjFW/ObjFW.h>

@protocol PasswordGenerator
@property size_t length;
@property (nonatomic, copy) OFString *site;

@property const char *passphrase;
@property (readonly) unsigned char *output;

+ (instancetype)generator;
- (void)derivePassword;
@end







|
|
>
|
|




19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#import <ObjFW/ObjFW.h>

@protocol PasswordGenerator
@property (nonatomic) size_t length;
@property (copy, nonatomic) OFString *site;
@property (retain, nonatomic) OFData *keyfile;
@property (nonatomic) const char *passphrase;
@property (readonly, nonatomic) unsigned char *output;

+ (instancetype)generator;
- (void)derivePassword;
@end

Changes to ScryptPWGen.m.

35
36
37
38
39
40
41

42
43
44
45
46
47
48
49
50
51
52
53

54
55
56
57
58
59
60
61
62
63


64
65
66
67
68
69
70
			     [OFApplication programName]];

	if (verbose)
		[output writeString:
		    @"\n"
		    @"Options:\n"
		    @"    -h  --help    Show this help\n"

		    @"    -l  --length  Length for the derived password\n"
		    @"    -L  --legacy  Use the legacy algorithm "
		    @"(compatible with scrypt-genpass)\n"
		    @"    -r  --repeat  Repeat input\n"];
}

@implementation ScryptPWGen
- (void)applicationDidFinishLaunching
{
	OFString *lengthStr;
	const of_options_parser_option_t options[] = {
		{ 'h', @"help", 0, NULL, NULL },

		{ 'l', @"length", 1, NULL, &lengthStr },
		{ 'L', @"legacy", 0, &_legacy, NULL },
		{ 'r', @"repeat", 0, &_repeat, NULL },
		{ '\0', nil, 0, NULL, NULL }
	};
	OFOptionsParser *optionsParser =
	    [OFOptionsParser parserWithOptions: options];
	of_unichar_t option;
	char *passphrase;
	OFString *prompt;



	while ((option = [optionsParser nextOption]) != '\0') {
		switch (option) {
		case 'h':
			showHelp(of_stdout, true);

			[OFApplication terminate];







>









|


>
|







|

>
>







35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
			     [OFApplication programName]];

	if (verbose)
		[output writeString:
		    @"\n"
		    @"Options:\n"
		    @"    -h  --help    Show this help\n"
		    @"    -k  --keyfile Use the specified key file\n"
		    @"    -l  --length  Length for the derived password\n"
		    @"    -L  --legacy  Use the legacy algorithm "
		    @"(compatible with scrypt-genpass)\n"
		    @"    -r  --repeat  Repeat input\n"];
}

@implementation ScryptPWGen
- (void)applicationDidFinishLaunching
{
	OFString *keyfilePath, *lengthString;
	const of_options_parser_option_t options[] = {
		{ 'h', @"help", 0, NULL, NULL },
		{ 'k', @"keyfile", 1, NULL, &keyfilePath },
		{ 'l', @"length", 1, NULL, &lengthString },
		{ 'L', @"legacy", 0, &_legacy, NULL },
		{ 'r', @"repeat", 0, &_repeat, NULL },
		{ '\0', nil, 0, NULL, NULL }
	};
	OFOptionsParser *optionsParser =
	    [OFOptionsParser parserWithOptions: options];
	of_unichar_t option;
	OFMutableData *keyfile = nil;
	OFString *prompt;
	const char *promptCString;
	char *passphrase;

	while ((option = [optionsParser nextOption]) != '\0') {
		switch (option) {
		case 'h':
			showHelp(of_stdout, true);

			[OFApplication terminate];
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137





138
139
140
141
142
143
144
145
146
	}

	id <PasswordGenerator> generator = (_legacy
	    ? [LegacyPasswordGenerator generator]
	    : [NewPasswordGenerator generator]);
	generator.site = [[optionsParser remainingArguments] firstObject];

	if (lengthStr != nil) {
		bool invalid = false;

		@try {
			generator.length = (size_t)[lengthStr decimalValue];
		} @catch (OFInvalidFormatException *e) {
			invalid = true;
		} @catch (OFOutOfRangeException *e) {
			invalid = true;
		}

		if (invalid) {
			[of_stderr writeFormat:
			    @"%@: Invalid length: %@\n",
			    [OFApplication programName], lengthStr];

			[OFApplication terminateWithStatus: 1];
		}
	}


	prompt = [OFString stringWithFormat: @"Passphrase for site \"%@\": ",
					     generator.site];





	passphrase = getpass(
	    [prompt cStringWithEncoding: [OFLocalization encoding]]);
	@try {
		if (_repeat) {
			char *passphraseCopy = of_strdup(passphrase);

			if (passphraseCopy == NULL)
				@throw [OFOutOfMemoryException exception];








|



|









|





<


>
>
>
>
>
|
<







112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

139
140
141
142
143
144
145
146

147
148
149
150
151
152
153
	}

	id <PasswordGenerator> generator = (_legacy
	    ? [LegacyPasswordGenerator generator]
	    : [NewPasswordGenerator generator]);
	generator.site = [[optionsParser remainingArguments] firstObject];

	if (lengthString != nil) {
		bool invalid = false;

		@try {
			generator.length = (size_t)[lengthString decimalValue];
		} @catch (OFInvalidFormatException *e) {
			invalid = true;
		} @catch (OFOutOfRangeException *e) {
			invalid = true;
		}

		if (invalid) {
			[of_stderr writeFormat:
			    @"%@: Invalid length: %@\n",
			    [OFApplication programName], lengthString];

			[OFApplication terminateWithStatus: 1];
		}
	}


	prompt = [OFString stringWithFormat: @"Passphrase for site \"%@\": ",
					     generator.site];
	promptCString = [prompt cStringWithEncoding: [OFLocalization encoding]];

	if (keyfilePath != nil)
		keyfile = [OFMutableData dataWithContentsOfFile: keyfilePath];

	passphrase = getpass(promptCString);

	@try {
		if (_repeat) {
			char *passphraseCopy = of_strdup(passphrase);

			if (passphraseCopy == NULL)
				@throw [OFOutOfMemoryException exception];

162
163
164
165
166
167
168

169
170
171
172
173
174
175
176
177
178
179
180
181
182



183
184
185
186
187
			} @finally {
				of_explicit_memset(passphraseCopy, 0,
				    strlen(passphraseCopy));
				free(passphraseCopy);
			}
		}


		generator.passphrase = passphrase;

		[generator derivePassword];
		@try {
			[of_stdout writeBuffer: generator.output
					length: generator.length];
			[of_stdout writeBuffer: "\n"
					length: 1];
		} @finally {
			of_explicit_memset(generator.output, 0,
			    generator.length);
		}
	} @finally {
		of_explicit_memset(passphrase, 0, strlen(passphrase));



	}

	[OFApplication terminate];
}
@end







>














>
>
>





169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
			} @finally {
				of_explicit_memset(passphraseCopy, 0,
				    strlen(passphraseCopy));
				free(passphraseCopy);
			}
		}

		generator.keyfile = keyfile;
		generator.passphrase = passphrase;

		[generator derivePassword];
		@try {
			[of_stdout writeBuffer: generator.output
					length: generator.length];
			[of_stdout writeBuffer: "\n"
					length: 1];
		} @finally {
			of_explicit_memset(generator.output, 0,
			    generator.length);
		}
	} @finally {
		of_explicit_memset(passphrase, 0, strlen(passphrase));

		if (keyfile != nil)
			of_explicit_memset([keyfile items], 0, [keyfile count]);
	}

	[OFApplication terminate];
}
@end