CryptoPassphrase  Check-in [aec6746a96]

Overview
Comment:Adjust to ObjFW changes
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: aec6746a96f92e9bed68663cf775bf229bcdb3930f4a689b3b8b68c27fe29868
User & Date: js on 2021-04-28 21:51:03
Other Links: manifest | tags
Context
2022-03-25
11:37
Adjust to ObjFW changes check-in: c359fca25a user: js tags: trunk
2021-04-28
21:51
Adjust to ObjFW changes check-in: aec6746a96 user: js tags: trunk
2021-03-21
11:03
Allow swappable memory check-in: 007bd9985e user: js tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Modified CryptoPassphrase.m from [10bb34008e] to [88cb4e5f09]. 

46
47
48
49
50
51
52
53

54
55
56
57
58
59
60
61
62
63

64
65
66
67
68
69
70
71
72
73
74

75
76
77
78
79
80
81

82
83
84
85
86

87
88
89
90
91
92
93
94
95

96
97
98
99
100

101
102
103
104
105
106
107
108
109
110
111

112
113
114
115
116
117
118

46
47
48
49
50
51
52

53
54
55
56
57
58
59
60
61
62

63
64
65
66
67
68
69
70
71
72
73

74
75
76
77
78
79
80

81
82
83
84
85

86
87
88
89
90
91
92
93
94

95
96
97
98
99

100
101
102
103
104
105
106
107
108
109
110

111
112
113
114
115
116
117
118








-
+









-
+










-
+






-
+




-
+








-
+




-
+










-
+








		    @"    -r  --repeat  Repeat input\n"];
}

@implementation CryptoPassphrase
- (void)applicationDidFinishLaunching
{
	OFString *keyFilePath, *lengthString;
	const of_options_parser_option_t options[] = {
	const OFOptionsParserOption options[] = {
		{ 'h', @"help", 0, NULL, NULL },
		{ 'k', @"keyfile", 1, NULL, &keyFilePath },
		{ 'l', @"length", 1, NULL, &lengthString },
		{ 'L', @"legacy", 0, &_legacy, NULL },
		{ 'r', @"repeat", 0, &_repeat, NULL },
		{ '\0', nil, 0, NULL, NULL }
	};
	OFOptionsParser *optionsParser =
	    [OFOptionsParser parserWithOptions: options];
	of_unichar_t option;
	OFUnichar option;
	OFMutableData *keyFile = nil;
	OFString *prompt;
	const char *promptCString;
	char *passphraseCString;
	size_t passphraseLength;
	OFSecureData *passphrase;

	while ((option = [optionsParser nextOption]) != '\0') {
		switch (option) {
		case 'h':
			showHelp(of_stdout, true);
			showHelp(OFStdOut, true);

			[OFApplication terminate];

			break;
		case ':':
			if (optionsParser.lastLongOption != nil)
				[of_stderr writeFormat:
				[OFStdErr writeFormat:
				    @"%@: Argument for option --%@ missing\n",
				    [OFApplication programName],
				    optionsParser.lastLongOption];
			else
				[of_stderr writeFormat:
				[OFStdErr writeFormat:
				    @"%@: Argument for option -%C missing\n",
				    [OFApplication programName],
				    optionsParser.lastOption];

			[OFApplication terminateWithStatus: 1];
			break;
		case '?':
			if (optionsParser.lastLongOption != nil)
				[of_stderr writeFormat:
				[OFStdErr writeFormat:
				    @"%@: Unknown option: --%@\n",
				    [OFApplication programName],
				    optionsParser.lastLongOption];
			else
				[of_stderr writeFormat:
				[OFStdErr writeFormat:
				    @"%@: Unknown option: -%C\n",
				    [OFApplication programName],
				    optionsParser.lastOption];

			[OFApplication terminateWithStatus: 1];
			break;
		}
	}

	if (optionsParser.remainingArguments.count != 1) {
		showHelp(of_stderr, false);
		showHelp(OFStdErr, false);

		[OFApplication terminateWithStatus: 1];
	}

	id <PasswordGenerator> generator = (_legacy
	    ? [LegacyPasswordGenerator generator]
	    : [NewPasswordGenerator generator]);

132
133
134
135
136
137
138
139

140
141
142
143
144
145
146

132
133
134
135
136
137
138

139
140
141
142
143
144
145
146








-
+








		} @catch (OFInvalidFormatException *e) {
			invalid = true;
		} @catch (OFOutOfRangeException *e) {
			invalid = true;
		}

		if (invalid) {
			[of_stderr writeFormat:
			[OFStdErr writeFormat:
			    @"%@: Invalid length: %@\n",
			    [OFApplication programName], lengthString];

			[OFApplication terminateWithStatus: 1];
		}
	}


155
156
157
158
159
160
161
162

163
164
165
166

167
168
169
170
171
172
173
174

175
176
177
178
179

180
181
182
183
184
185
186

187
188

189
190
191
192
193

155
156
157
158
159
160
161

162
163
164
165

166
167
168
169
170
171
172
173

174
175
176
177


178
179
180
181
182
183
184

185


186

187
188
189
190








-
+



-
+







-
+



-
-
+






-
+
-
-
+
-





	passphraseLength = strlen(passphraseCString);
	@try {
		passphrase = [OFSecureData dataWithCount: passphraseLength + 1
				   allowsSwappableMemory: true];
		memcpy(passphrase.mutableItems, passphraseCString,
		    passphraseLength + 1);
	} @finally {
		of_explicit_memset(passphraseCString, '\0', passphraseLength);
		OFZeroMemory(passphraseCString, passphraseLength);
	}

	if (_repeat) {
		of_string_encoding_t encoding = [OFLocale encoding];
		OFStringEncoding encoding = [OFLocale encoding];

		prompt = [OFString stringWithFormat:
		    @"Repeat passphrase for site \"%@\": ", generator.site];
		passphraseCString =
		    getpass([prompt cStringWithEncoding: encoding]);

		if (strcmp(passphraseCString, passphrase.items) != 0) {
			[of_stderr writeString: @"Passphrases do not match!\n"];
			[OFStdErr writeString: @"Passphrases do not match!\n"];
			[OFApplication terminateWithStatus: 1];
		}

		of_explicit_memset(passphraseCString, '\0',
		    strlen(passphraseCString));
		OFZeroMemory(passphraseCString, strlen(passphraseCString));
	}

	generator.keyFile = keyFile;
	generator.passphrase = passphrase;

	[generator derivePassword];
	[of_stdout writeBuffer: generator.output.items
	[OFStdOut writeBuffer: generator.output.items length: generator.length];
			length: generator.length];
	[of_stdout writeBuffer: "\n"
	[OFStdOut writeBuffer: "\n" length: 1];
			length: 1];

	[OFApplication terminate];
}
@end

Modified LegacyPasswordGenerator.m from [3c0f69dc95] to [2242defb21]. 

52
53
54
55
56
57
58
59

60
61
62
63
64
65
66

52
53
54
55
56
57
58

59
60
61
62
63
64
65
66








-
+








{
	return _length;
}

- (void)derivePassword
{
	OFSHA256Hash *siteHash = [OFSHA256Hash
	    cryptoHashWithAllowsSwappableMemory: true];
	    hashWithAllowsSwappableMemory: true];
	size_t passphraseLength, combinedPassphraseLength;
	OFSecureData *combinedPassphrase;
	char *combinedPassphraseItems;
	unsigned char *outputItems;

	[siteHash updateWithBuffer: _site.UTF8String
			    length: _site.UTF8StringLength];

85
86
87
88
89
90
91
92

93
94
95
96
97
98
99

85
86
87
88
89
90
91

92
93
94
95
96
97
98
99








-
+








	memcpy(combinedPassphraseItems, _passphrase.items, passphraseLength);

	if (_keyFile != nil)
		memcpy(combinedPassphraseItems + passphraseLength,
		    _keyFile.items, _keyFile.count);

	outputItems = _output.mutableItems;
	of_scrypt((of_scrypt_parameters_t){
	OFScrypt((OFScryptParameters){
		.blockSize             = 8,
		.costFactor            = 524288,
		.parallelization       = 2,
		.salt                  = siteHash.digest,
		.saltLength            = [siteHash.class digestSize],
		.password              = combinedPassphraseItems,
		.passwordLength        = combinedPassphraseLength,

Modified NewPasswordGenerator.m from [85e48149ff] to [b6004b9716]. 

39
40
41
42
43
44
45
46

47
48
49
50
51
52
53

39
40
41
42
43
44
45

46
47
48
49
50
51
52
53








-
+









	return self;
}

- (void)derivePassword
{
	OFSHA384Hash *siteHash = [OFSHA384Hash
	    cryptoHashWithAllowsSwappableMemory: true];
	    hashWithAllowsSwappableMemory: true];
	size_t passphraseLength, combinedPassphraseLength;
	OFSecureData *combinedPassphrase;
	char *combinedPassphraseItems;
	unsigned char *outputItems;

	[siteHash updateWithBuffer: _site.UTF8String
			    length: _site.UTF8StringLength];

72
73
74
75
76
77
78
79

80
81
82
83
84
85
86

72
73
74
75
76
77
78

79
80
81
82
83
84
85
86








-
+








	memcpy(combinedPassphraseItems, _passphrase.items, passphraseLength);

	if (_keyFile != nil)
		memcpy(combinedPassphraseItems + passphraseLength,
		    _keyFile.items, _keyFile.count);

	outputItems = _output.mutableItems;
	of_scrypt((of_scrypt_parameters_t){
	OFScrypt((OFScryptParameters){
		.blockSize             = 8,
		.costFactor            = 524288,
		.parallelization       = 2,
		.salt                  = siteHash.digest,
		.saltLength            = [siteHash.class digestSize],
		.password              = combinedPassphraseItems,
		.passwordLength        = combinedPassphraseLength,