Overview
| Comment: | FUCK THIS SHIT |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
218f1d20c2db9fe7af57802555e16f8e |
| User & Date: | lexi on 2019-08-15 11:24:16 |
| Other Links: | manifest | tags |
Context
|
2019-08-15
| ||
| 12:31 | my monster liiiiives check-in: 5089ec59d3 user: lexi tags: trunk | |
| 11:24 | FUCK THIS SHIT check-in: 218f1d20c2 user: lexi tags: trunk | |
| 08:34 | updates check-in: c2ffe127f3 user: lexi tags: trunk | |
Changes
Modified kpw.d/db.md from [f52a921e08] to [5982f7fb3c].
8 9 10 11 12 13 14 15 16 17 18 |
4. encrypt(private key, password salt) [for pw verification] 5. record * each record takes the form of 1. account name length (1 byte) 2. account name 3. password length (4 bytes) 4. password records are added simply by encrypting them with the public key and appending them to the end of the file. thus, adding a new password does not require the decryption password. |
| |
8 9 10 11 12 13 14 15 16 17 18 |
4. encrypt(private key, password salt) [for pw verification]
5. record *
each record takes the form of
1. account name length (1 byte)
2. account name
3. password length (1 byte)
4. password
records are added simply by encrypting them with the public key and appending them to the end of the file. thus, adding a new password does not require the decryption password.
|
Modified kpw.d/kpw.c from [f4297483ea] to [22f71ce9d0].
339 340 341 342 343 344 345 346 347 348 349 350 351 352 ... 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 ... 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 ... 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 ... 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 |
} else {
printf("path is %s", dbpath);
db = open(dbpath, flags, 0600);
}
return db;
}
int
kpw(int argc, const char** argv) {
if (argc == 0) return bad_insane;
_g_binary_name = argv[0];
enum genmode
................................................................................
alert(a_debug, "converting length parameter to integer");
bad e = katoi(10, prm, &len);
if (e != ok) return bad_num;
} else alert(a_debug, "using default password length"),
len = default_pw_len;
alert(a_debug, "generating new password");
mkpw(mode, pw, len);
if (print || !tty_out) {
write(1, pw, len);
if(tty_out) write(1, "\n", 1);
}
pwlen = len;
}
if (copy_pw) copy(pw, pwlen);
alert(a_debug, "enciphering password");
break;
}
case delpw:{ /* kpw -d <acct> */
break;
}
case lspw: { /* kpw -t[p] [<prefix>] */
break;
}
case createdb: { /* kpw -C [<db>] */
alert(a_debug, "creating new database");
if (clobber)
alert(a_warn, "will clobber any existing database");
................................................................................
* prompt the user for a secret passphrase with
* which to encrypt the private key with.
*/
alert(a_notice, "database keypair generated, encrypting");
password dbpw;
size_t pwlen;
bad e = pwread(!print, dbpw, &pwlen, _str("- database passphrase: "));
if (e != ok) return e;
if (!print && isatty(0)) {
password dbpw_conf;
e = pwread(!print, dbpw_conf, NULL, _str("- confirm: "));
if (e != ok) return e;
if(strcmp(dbpw,dbpw_conf) != 0)
................................................................................
return bad_pw_match;
}
uint8_t salt[crypto_pwhash_SALTBYTES],
key[db_privkey_len];
uint8_t salt_enc[crypto_box_SEALBYTES + sz(salt)];
if (syscall(SYS_getrandom, salt, sz(salt), 0) == -1)
return bad_entropy;
if(crypto_pwhash(key, sz(key), dbpw, pwlen, salt,
crypto_pwhash_OPSLIMIT_INTERACTIVE,
crypto_pwhash_MEMLIMIT_INTERACTIVE,
crypto_pwhash_ALG_DEFAULT) != 0) {
return bad_mem;
}
for (size_t i = 0; i < sz(key); ++i) {
priv_enc[i] = priv[i] ^ key[i];
}
crypto_box_seal(salt_enc, salt, sz(salt), priv);
/* we have everything we need. now we create the
* file, failing if it already exists so as not
* to clobber anyone's passwords.
*/
int db;
const int flags = O_CREAT | O_WRONLY |
(clobber ? O_TRUNC : O_EXCL);
if(param == 0)
db = dbopen(flags);
else if (param == 1)
db = open(params[0], flags, 0600);
................................................................................
if (db == -1) return bad_db_create;
/* the file is safely created; all that's left to
* do is write out the header and then we can call
* it a day.
*/
write(db, pub, sz(pub));
write(db, salt, sz(salt));
write(db, priv_enc, sz(priv_enc));
write(db, salt_enc, sz(salt_enc));
close(db);
alert(a_debug, "database created");
break;
}
}
/* char buf[len+1]; */
/* *buf = 0; */
/* mkpw(mode,buf,len); */
/* write(1, buf, len + 1); */
# ifdef _CLIPBOARD
if (copy_pw) {
/* copy(buf,len); */
}
# endif
return ok;
|
> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | > > > > > > > > > > | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | > > > > > > > > > > > > > < < < < < < < |
339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 ... 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 ... 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 ... 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 ... 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 |
} else {
printf("path is %s", dbpath);
db = open(dbpath, flags, 0600);
}
return db;
}
void bytedump(uint8_t* bytes, size_t sz) {
for (size_t i = 0; i < sz; ++i) {
char tpl[] ="\x1b[35m \x1b[m";
char* c = tpl + 5;
*c = bytes[i];
if (*c < ' ' || *c > '~') *c='.', write(2, tpl, sz(tpl));
else write(2, c, 1);
}
}
void hexdump(uint8_t* bytes, size_t sz) {
if(!_g_debug_msgs) return;
alert(a_debug, "printing hex dump");
uint8_t* st = bytes;
for (size_t i = 0; i < sz; ++i) {
char hex[5] = " ";
kitoa(16, bytes[i], hex, hex + 2, NULL, true);
write(2, hex, 4);
if(!((i+1)%8)) {
write(2, _str("│ "));
bytedump(st, 8);
write(2, "\n", 1);
st += 8;
} else if (i == sz - 1) {
write(2, _str("│ "));
bytedump(st, (bytes + sz) - st);
write(2, "\n", 1);
}
}
}
int
kpw(int argc, const char** argv) {
if (argc == 0) return bad_insane;
_g_binary_name = argv[0];
enum genmode
................................................................................
alert(a_debug, "converting length parameter to integer");
bad e = katoi(10, prm, &len);
if (e != ok) return bad_num;
} else alert(a_debug, "using default password length"),
len = default_pw_len;
alert(a_debug, "generating new password");
if (mkpw(mode, pw, len) == bad_entropy) return bad_entropy;
if (print || !tty_out) {
write(1, pw, len);
if(tty_out) write(1, "\n", 1);
}
pwlen = len;
}
if (copy_pw) copy(pw, pwlen);
alert(a_debug, "encoding database entry");
uint8_t acctlen = strlen(acct);
uint8_t plaintext[1 + acctlen +
1 + pwlen];
plaintext[0] = acctlen;
strncpy(plaintext + 1, acct, acctlen);
plaintext[1 + acctlen] = pwlen;
strncpy(plaintext + acctlen + 2, pw, pwlen);
hexdump(plaintext, sz(plaintext));
alert(a_debug, "enciphering database entry");
uint8_t ciphertext[sz(plaintext) + crypto_box_SEALBYTES];
crypto_box_seal(ciphertext, plaintext, sz(plaintext), key);
hexdump(ciphertext, sz(ciphertext));
alert(a_debug, "writing ciphertext to db");
uint8_t ciphertext_len = sz(ciphertext);
write(db, &ciphertext_len, 1);
write(db, &ciphertext, ciphertext_len);
close(db);
break;
}
case delpw:{ /* kpw -d <acct> */
break;
}
case lspw: { /* kpw -t[p] [<prefix>] */
alert(a_debug, "opening database for reading");
int db = dbopen(O_RDONLY);
if (db == -1) return bad_db_load;
password dbpw; size_t pwlen;
bad e = pwread(!print, dbpw, &pwlen,_str("database key: "));
uint8_t salt [crypto_pwhash_SALTBYTES],
key [db_privkey_len],
priv_enc [db_privkey_len],
priv [db_privkey_len],
pub [db_pubkey_len];
uint8_t salt_enc [crypto_box_SEALBYTES + sz(salt)],
salt_dec [sz(salt)];
bzero(salt_dec, sz(salt_dec));
alert(a_debug, "loading public key");
ssize_t sr = read(db, pub, sz(pub));
if (sr != sz(pub)) return bad_db_corrupt;
hexdump(pub, sz(pub));
alert(a_debug, "loading password salt");
sr = read(db, salt, sz(salt));
if (sr != sz(salt)) return bad_db_corrupt;
hexdump(salt, sz(salt));
alert(a_debug, "deriving secret");
if(crypto_pwhash(key, sz(key), dbpw, pwlen, salt,
crypto_pwhash_OPSLIMIT_INTERACTIVE,
crypto_pwhash_MEMLIMIT_INTERACTIVE,
crypto_pwhash_ALG_DEFAULT) != 0) {
return bad_mem;
}
hexdump(key, sz(key));
alert(a_debug, "loading encrypted private key");
read(db, priv_enc, sz(priv_enc));
hexdump(priv_enc, sz(priv_enc));
alert(a_debug, "decrypting private key");
for (size_t i = 0; i < sz(key); ++i) {
priv[i] = priv_enc[i] ^ key[i];
}
hexdump(priv, sz(priv));
alert(a_debug, "loading verification hash");
read(db, salt_enc, sz(salt_enc));
hexdump(salt_enc, sz(salt_enc));
alert(a_debug, "decrypting verification hash");
hexdump(pub, sz(pub));
hexdump(priv, sz(priv));
printf("sz salt_enc = %zu\n / crypto_box bytes = %zu", sz(salt_enc), crypto_box_SEALBYTES);
int r = crypto_box_seal_open(salt_dec, salt_enc,
sz(salt_enc), pub, priv);
printf("result code: %d\n",r);
hexdump(salt_dec, sz(salt_dec));
break;
}
case createdb: { /* kpw -C [<db>] */
alert(a_debug, "creating new database");
if (clobber)
alert(a_warn, "will clobber any existing database");
................................................................................
* prompt the user for a secret passphrase with
* which to encrypt the private key with.
*/
alert(a_notice, "database keypair generated, encrypting");
password dbpw;
size_t pwlen;
bad e = pwread(!print, dbpw, &pwlen, _str("- new database key: "));
if (e != ok) return e;
if (!print && isatty(0)) {
password dbpw_conf;
e = pwread(!print, dbpw_conf, NULL, _str("- confirm: "));
if (e != ok) return e;
if(strcmp(dbpw,dbpw_conf) != 0)
................................................................................
return bad_pw_match;
}
uint8_t salt[crypto_pwhash_SALTBYTES],
key[db_privkey_len];
uint8_t salt_enc[crypto_box_SEALBYTES + sz(salt)];
alert(a_debug, "generating salt");
if (syscall(SYS_getrandom, salt, sz(salt), 0) == -1)
return bad_entropy;
hexdump(salt, sz(salt));
alert(a_debug, "hashing database keyphrase");
if(crypto_pwhash(key, sz(key), dbpw, pwlen, salt,
crypto_pwhash_OPSLIMIT_INTERACTIVE,
crypto_pwhash_MEMLIMIT_INTERACTIVE,
crypto_pwhash_ALG_DEFAULT) != 0) {
return bad_mem;
}
alert(a_debug, "encrypting private key");
hexdump(priv, sz(priv));
for (size_t i = 0; i < sz(key); ++i) {
priv_enc[i] = priv[i] ^ key[i];
}
alert(a_debug, "private key encrypted");
hexdump(priv_enc, sz(priv_enc));
alert(a_debug, "encrypting salt");
crypto_box_seal(salt_enc, salt, sz(salt), priv);
hexdump(salt_enc, sz(salt_enc));
/* we have everything we need. now we create the
* file, failing if it already exists so as not
* to clobber anyone's passwords.
*/
alert(a_debug, "creating new database on disk");
int db;
const int flags = O_CREAT | O_WRONLY |
(clobber ? O_TRUNC : O_EXCL);
if(param == 0)
db = dbopen(flags);
else if (param == 1)
db = open(params[0], flags, 0600);
................................................................................
if (db == -1) return bad_db_create;
/* the file is safely created; all that's left to
* do is write out the header and then we can call
* it a day.
*/
alert(a_debug, "writing public key");
hexdump(pub, sz(pub));
write(db, pub, sz(pub));
write(db, salt, sz(salt));
write(db, priv_enc, sz(priv_enc));
write(db, salt_enc, sz(salt_enc));
close(db);
alert(a_debug, "database created");
break;
}
}
# ifdef _CLIPBOARD
if (copy_pw) {
/* copy(buf,len); */
}
# endif
return ok;
|