CryptoPassphrase  Check-in [617d8a7cfb]

Overview
Comment:Move actual password derivation to separate class
SHA3-256: 617d8a7cfbdb53246271b8a294260ee95cdcbef16e857e96e596a3da24e9700c
User & Date: js on 2016-10-03 11:40:54
Context
2016-10-08
12:24
Add a license check-in: 4772cb8670 user: js tags: trunk
2016-10-03
11:40
Move actual password derivation to separate class check-in: 617d8a7cfb user: js tags: trunk
2016-10-01
22:46
Initial commit check-in: 4364044864 user: js tags: trunk
Changes

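--- a/LegacyPasswordGenerator.h
+++ b/LegacyPasswordGenerator.h
@@ -0,0 +1,18 @@
+#import <ObjFW/ObjFW.h>
+
+@interface LegacyPasswordGenerator: OFObject
+{
+	size_t _length;
+	OFString *_site;
+	const char *_passphrase;
+	unsigned char *_output;
+}
+
+@property size_t length;
+@property (copy) OFString *site;
+@property const char *passphrase;
+@property (readonly) unsigned char *output;
+
++ (instancetype)generator;
+- (void)derivePassword;
+@end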
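Review bot: The header does not say who owns the two raw pointers it exposes, `passphrase` and `output`, and both carry secret material. As far as the implementation on this page shows, `passphrase` is stored without copying and read with strlen() in derivePassword, while `output` points at a buffer the generator allocates and fills with `length` bytes and no terminating NUL. I would state that above the properties, e.g. `/* Borrowed, NUL-terminated; must stay valid until -derivePassword returns. */` on `passphrase` and `/* length bytes, not NUL-terminated, owned by the generator; wipe after use. */` on `output`.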

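--- a/LegacyPasswordGenerator.m
+++ b/LegacyPasswordGenerator.m
@@ -0,0 +1,51 @@
+#import "LegacyPasswordGenerator.h"
+
+@implementation LegacyPasswordGenerator
+@synthesize length = _length, site = _site, passphrase = _passphrase;
+@synthesize output = _output;
+
++ (instancetype)generator
+{
+	return [[[self alloc] init] autorelease];
+}
+
+- init
+{
+	self = [super init];
+
+	_length = 16;
+
+	return self;
+}
+
+- (void)derivePassword
+{
+	OFSHA256Hash *siteHash = [OFSHA256Hash cryptoHash];
+	[siteHash updateWithBuffer: [_site UTF8String]
+			    length: [_site UTF8StringLength]];
+
+	if (_output != NULL) {
+		of_explicit_memset(_output, 0, _length);
+		[self freeMemory: _output];
+	}
+
+	_output = [self allocMemoryWithSize: _length + 1];
+
+	of_scrypt(8, 524288, 2, [siteHash digest],
+	    [[siteHash class] digestSize], _passphrase, strlen(_passphrase),
+	    _output, _length);
+
+	/*
+	 * This has a bias, however, this is what scrypt-genpass does and the
+	 * legacy mode wants to be compatible to scrypt-genpass.
+	 */
+	_output[0] = "abcdefghijklmnopqrstuvwxyz"[_output[0] % 26];
+	_output[1] = "0123456789"[_output[1] % 10];
+	_output[2] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[_output[2] % 26];
+
+	for (size_t i = 3; i < _length; i++)
+		_output[i] = "abcdefghijklmnopqrstuvwxyz"
+		    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+		    "0123456789"[_output[i] % (26 + 26 + 10)];
+}
+@end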
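Review bot: derivePassword relies on `_length` being at least 3 and unchanged since the previous call, and neither is enforced. The writes to `_output[0]` through `_output[2]` run for any length, so a length below 2 writes past the `_length + 1` byte allocation, and on a second call the wipe `of_explicit_memset(_output, 0, _length)` uses the current `_length` rather than the size the old buffer was allocated with, which overruns it if `length` was raised in between. A guard such as `if (_length < 3) @throw [OFInvalidArgumentException exception];` at the top, plus keeping the allocated size in an ivar for the wipe, would close both. The class also has no dealloc, so the generator never wipes the last derived password itself, and under the manual reference counting this file uses the copied `_site` looks unreleased.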

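--- a/ScryptPWGen.m
+++ b/ScryptPWGen.m
@@ -1,12 +1,13 @@
 #include <string.h>
 
 #include <unistd.h>
 
 #import "ScryptPWGen.h"
+#import "LegacyPasswordGenerator.h"
 
 OF_APPLICATION_DELEGATE(ScryptPWGen)
 
 static void
 showHelp(OFStream *output, bool verbose)
 {
 	[output writeFormat: @"Usage: %@ [-hlr] site\n",
@@ -30,18 +31,17 @@
 		{ 'l', @"length", 1, NULL, &lengthStr },
 		{ 'r', @"repeat", 0, &_repeat, NULL },
 		{ '\0', nil, 0, NULL, NULL }
 	};
 	OFOptionsParser *optionsParser =
 	    [OFOptionsParser parserWithOptions: options];
 	of_unichar_t option;
-	OFString *site, *prompt;
+	size_t length;
 	char *passphrase;
-	OFSHA256Hash *siteHash;
+	OFString *site, *prompt;
-	unsigned char *output;
 
 	while ((option = [optionsParser nextOption]) != '\0') {
 		switch (option) {
 		case 'h':
 			showHelp(of_stdout, true);
 
 			[OFApplication terminate];
@@ -76,73 +76,56 @@
 			[OFApplication terminateWithStatus: 1];
 			break;
 		}
 	}
 
 	if (lengthStr != nil) {
 		@try {
-			_length = (size_t)[lengthStr decimalValue];
+			length = (size_t)[lengthStr decimalValue];
 
-			if (_length < 3)
+			if (length < 3)
 				@throw [OFInvalidFormatException exception];
 		} @catch (OFInvalidFormatException *e) {
 			[of_stderr writeFormat:
 			    @"%@: Invalid length: %@\n",
 			    [OFApplication programName], lengthStr];
 
 			[OFApplication terminateWithStatus: 1];
 		}
-	} else
-		_length = 16;
+	}
 
 	if ([[optionsParser remainingArguments] count] != 1) {
 		showHelp(of_stderr, false);
 
 		[OFApplication terminateWithStatus: 1];
 	}
 
-	site = [[optionsParser remainingArguments] firstObject];
-	siteHash = [OFSHA256Hash cryptoHash];
-	[siteHash updateWithBuffer: [site UTF8String]
-			    length: [site UTF8StringLength]];
-
 	prompt = [OFString stringWithFormat: @"Passphrase for site \"%@\": ",
 					     site];
-	passphrase = getpass([prompt cStringWithEncoding:
-	    [OFSystemInfo native8BitEncoding]]);
 
-	output = [self allocMemoryWithSize: _length + 1];
-
+	LegacyPasswordGenerator *generator =
-	of_scrypt(8, 524288, 2, [siteHash digest],
-	    [[siteHash class] digestSize], passphrase, strlen(passphrase),
-	    output, _length);
+	    [LegacyPasswordGenerator generator];
+	generator.length = length;
+	generator.site = [[optionsParser remainingArguments] firstObject];
 
-	of_explicit_memset(passphrase, 0, strlen(passphrase));
-
+	passphrase = getpass(
+	    [prompt cStringWithEncoding: [OFSystemInfo native8BitEncoding]]);
-	/*
-	 * This has a bias, but is what scrypt-genpass does. This should be
-	 * compatible to passwords generated by scrypt-genpass for now to allow
-	 * an easy migration.
-	 *
+	@try {
+		generator.passphrase = passphrase;
+
-	 * This will be replaced with something better later on and the current
-	 * code only available in legacy mode (which can be enabled using a
-	 * flag).
-	 */
-	output[0] = "abcdefghijklmnopqrstuvwxyz"[output[0] % 26];
-	output[1] = "0123456789"[output[1] % 10];
-	output[2] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[output[2] % 26];
-
+		[generator derivePassword];
-	for (size_t i = 3; i < _length; i++)
-		output[i] = "abcdefghijklmnopqrstuvwxyz"
-		    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-		    "0123456789"[output[i] % (26 + 26 + 10)];
-
-	output[_length] = '\n';
-
-	[of_stdout writeBuffer: output
-			length: _length + 1];
-
-	of_explicit_memset(output, 0, _length + 1);
+		@try {
+			[of_stdout writeBuffer: generator.output
+					length: generator.length];
+			[of_stdout writeBuffer: "\n"
+					length: 1];
+		} @finally {
+			of_explicit_memset(generator.output, 0,
+			    generator.length);
+		}
+	} @finally {
+		of_explicit_memset(passphrase, 0, strlen(passphrase));
+	}
 
 	[OFApplication terminate];
 }
 @end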
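Review bot: On the new side, the locals `length` and `site` can be read without ever being assigned. The `else _length = 16;` branch is removed, so when no `-l` option is given `generator.length = length;` copies an indeterminate value over the generator's default of 16, and that value then sizes the allocation and the scrypt output. The `site = ...` assignment is removed as well, while `prompt` is still formatted from `site`. Setting the length only when it was parsed, `if (lengthStr != nil) generator.length = length;`, and building the prompt from `generator.site` (or keeping `site = [[optionsParser remainingArguments] firstObject];`) would fix both. The enclosing method starts outside the visible hunks.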