js/CryptoPassphrase
1
1
Fork 0
Code Issues Pull requests Projects Releases 2 Wiki Activity

Move actual password derivation to separate class

Browse source
This commit is contained in:
Jonathan Schleifer 2016-10-03 13:40:54 +02:00
parent 9e18d0deaf
commit fe54b6dab0
No known key found for this signature in database
GPG key ID: 338C3541DB54E169
3 changed files with 96 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

18
LegacyPasswordGenerator.h Normal file
View file

@ -0,0 +1,18 @@
#import <ObjFW/ObjFW.h>
@interface LegacyPasswordGenerator: OFObject
{
size_t _length;
OFString *_site;
const char *_passphrase;
unsigned char *_output;
}
@property size_t length;
@property (copy) OFString *site;
@property const char *passphrase;
@property (readonly) unsigned char *output;
+ (instancetype)generator;
- (void)derivePassword;
@end

51
LegacyPasswordGenerator.m Normal file
View file

@ -0,0 +1,51 @@
#import "LegacyPasswordGenerator.h"
@implementation LegacyPasswordGenerator
@synthesize length = _length, site = _site, passphrase = _passphrase;
@synthesize output = _output;
+ (instancetype)generator
{
return [[[self alloc] init] autorelease];
}
- init
{
self = [super init];
_length = 16;
return self;
}
- (void)derivePassword
{
OFSHA256Hash *siteHash = [OFSHA256Hash cryptoHash];
[siteHash updateWithBuffer: [_site UTF8String]
length: [_site UTF8StringLength]];
if (_output != NULL) {
of_explicit_memset(_output, 0, _length);
[self freeMemory: _output];
}
_output = [self allocMemoryWithSize: _length + 1];
of_scrypt(8, 524288, 2, [siteHash digest],
[[siteHash class] digestSize], _passphrase, strlen(_passphrase),
_output, _length);
/*
* This has a bias, however, this is what scrypt-genpass does and the
* legacy mode wants to be compatible to scrypt-genpass.
*/
_output[0] = "abcdefghijklmnopqrstuvwxyz"[_output[0] % 26];
_output[1] = "0123456789"[_output[1] % 10];
_output[2] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[_output[2] % 26];
for (size_t i = 3; i < _length; i++)
_output[i] = "abcdefghijklmnopqrstuvwxyz"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"0123456789"[_output[i] % (26 + 26 + 10)];
}
@end

71
ScryptPWGen.m
View file

@ -3,6 +3,7 @@
#include <unistd.h> #include <unistd.h>
#import "ScryptPWGen.h" #import "ScryptPWGen.h"
#import "LegacyPasswordGenerator.h"
OF_APPLICATION_DELEGATE(ScryptPWGen) OF_APPLICATION_DELEGATE(ScryptPWGen)
@ -34,10 +35,9 @@ showHelp(OFStream *output, bool verbose)
OFOptionsParser *optionsParser = OFOptionsParser *optionsParser =
[OFOptionsParser parserWithOptions: options]; [OFOptionsParser parserWithOptions: options];
of_unichar_t option; of_unichar_t option;
OFString *site, *prompt; size_t length;
char *passphrase; char *passphrase;
OFSHA256Hash *siteHash; OFString *site, *prompt;
unsigned char *output;
while ((option = [optionsParser nextOption]) != '\0') { while ((option = [optionsParser nextOption]) != '\0') {
switch (option) { switch (option) {
@ -80,9 +80,9 @@ showHelp(OFStream *output, bool verbose)
if (lengthStr != nil) { if (lengthStr != nil) {
@try { @try {
_length = (size_t)[lengthStr decimalValue]; length = (size_t)[lengthStr decimalValue];
if (_length < 3) if (length < 3)
@throw [OFInvalidFormatException exception]; @throw [OFInvalidFormatException exception];
} @catch (OFInvalidFormatException *e) { } @catch (OFInvalidFormatException *e) {
[of_stderr writeFormat: [of_stderr writeFormat:
@ -91,8 +91,7 @@ showHelp(OFStream *output, bool verbose)
[OFApplication terminateWithStatus: 1]; [OFApplication terminateWithStatus: 1];
} }
} else }
_length = 16;
if ([[optionsParser remainingArguments] count] != 1) { if ([[optionsParser remainingArguments] count] != 1) {
showHelp(of_stderr, false); showHelp(of_stderr, false);
@ -100,48 +99,32 @@ showHelp(OFStream *output, bool verbose)
[OFApplication terminateWithStatus: 1]; [OFApplication terminateWithStatus: 1];
} }
site = [[optionsParser remainingArguments] firstObject];
siteHash = [OFSHA256Hash cryptoHash];
[siteHash updateWithBuffer: [site UTF8String]
length: [site UTF8StringLength]];
prompt = [OFString stringWithFormat: @"Passphrase for site \"%@\": ", prompt = [OFString stringWithFormat: @"Passphrase for site \"%@\": ",
site]; site];
passphrase = getpass([prompt cStringWithEncoding:
[OFSystemInfo native8BitEncoding]]);
output = [self allocMemoryWithSize: _length + 1]; LegacyPasswordGenerator *generator =
[LegacyPasswordGenerator generator];
generator.length = length;
generator.site = [[optionsParser remainingArguments] firstObject];
of_scrypt(8, 524288, 2, [siteHash digest], passphrase = getpass(
[[siteHash class] digestSize], passphrase, strlen(passphrase), [prompt cStringWithEncoding: [OFSystemInfo native8BitEncoding]]);
output, _length); @try {
generator.passphrase = passphrase;
of_explicit_memset(passphrase, 0, strlen(passphrase)); [generator derivePassword];
@try {
/* [of_stdout writeBuffer: generator.output
* This has a bias, but is what scrypt-genpass does. This should be length: generator.length];
* compatible to passwords generated by scrypt-genpass for now to allow [of_stdout writeBuffer: "\n"
* an easy migration. length: 1];
* } @finally {
* This will be replaced with something better later on and the current of_explicit_memset(generator.output, 0,
* code only available in legacy mode (which can be enabled using a generator.length);
* flag). }
*/ } @finally {
output[0] = "abcdefghijklmnopqrstuvwxyz"[output[0] % 26]; of_explicit_memset(passphrase, 0, strlen(passphrase));
output[1] = "0123456789"[output[1] % 10]; }
output[2] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[output[2] % 26];
for (size_t i = 3; i < _length; i++)
output[i] = "abcdefghijklmnopqrstuvwxyz"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"0123456789"[output[i] % (26 + 26 + 10)];
output[_length] = '\n';
[of_stdout writeBuffer: output
length: _length + 1];
of_explicit_memset(output, 0, _length + 1);
[OFApplication terminate]; [OFApplication terminate];
} }