util  Diff

Differences From Artifact [f4297483ea]:

To Artifact [22f71ce9d0]:


339
340
341
342
343
344
345






























346
347
348
349
350
351
352
...
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468










469
470










471
472
473
474
475
476
477
478
























































479
480
481
482
483
484
485
...
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
...
519
520
521
522
523
524
525

526
527

528

529
530
531
532
533
534
535


536
537
538


539

540

541
542
543
544
545

546
547
548
549
550
551
552
...
554
555
556
557
558
559
560



561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
	} else {
		printf("path is %s", dbpath);
		db = open(dbpath, flags, 0600);
	}

	return db;
}































int
kpw(int argc, const char** argv) {
	if (argc == 0) return bad_insane;
	_g_binary_name = argv[0];

	enum genmode
................................................................................
					alert(a_debug, "converting length parameter to integer");
					bad e = katoi(10, prm, &len);
					if (e != ok) return bad_num;
				} else alert(a_debug, "using default password length"),
				       len = default_pw_len;

				alert(a_debug, "generating new password");
				mkpw(mode, pw, len);
				if (print || !tty_out) {
					write(1, pw, len);
					if(tty_out) write(1, "\n", 1);
				}
				pwlen = len;
			}
			if (copy_pw) copy(pw, pwlen);










			alert(a_debug, "enciphering password");











			break;
		}

		case delpw:{ /* kpw -d <acct> */
			break;
		}

		case lspw: { /* kpw -t[p] [<prefix>] */
























































			break;
		}

		case createdb: { /* kpw -C [<db>] */
			alert(a_debug, "creating new database");
			if (clobber)
				alert(a_warn, "will clobber any existing database");
................................................................................
			 * prompt  the user for a secret  passphrase with
			 * which to encrypt the private key with.
			 */

			alert(a_notice, "database keypair generated, encrypting");
			password dbpw;
			size_t pwlen;
			bad e = pwread(!print, dbpw, &pwlen, _str("- database passphrase: "));
			if (e != ok) return e;
			if (!print && isatty(0)) {
				password dbpw_conf;
				e = pwread(!print, dbpw_conf, NULL, _str("- confirm: "));
				if (e != ok) return e;

				if(strcmp(dbpw,dbpw_conf) != 0)
................................................................................
					return bad_pw_match;
			}

			uint8_t salt[crypto_pwhash_SALTBYTES],
			         key[db_privkey_len];
			uint8_t salt_enc[crypto_box_SEALBYTES + sz(salt)];


			if (syscall(SYS_getrandom, salt, sz(salt), 0) == -1)
				return bad_entropy;



			if(crypto_pwhash(key, sz(key), dbpw, pwlen, salt,
					crypto_pwhash_OPSLIMIT_INTERACTIVE,
					crypto_pwhash_MEMLIMIT_INTERACTIVE,
					crypto_pwhash_ALG_DEFAULT) != 0) {
				return bad_mem;
			}



			for (size_t i = 0; i < sz(key); ++i) {
				priv_enc[i] = priv[i] ^ key[i];
			}




			crypto_box_seal(salt_enc, salt, sz(salt), priv);


			/* we have everything we need. now we create the
			 * file, failing  if it already exists so as not
			 * to clobber anyone's passwords.
			 */

			int db;
			const int flags = O_CREAT | O_WRONLY |
				(clobber ? O_TRUNC : O_EXCL);
			if(param == 0)
				db = dbopen(flags);
			else if (param == 1)
				db = open(params[0], flags, 0600);
................................................................................

			if (db == -1) return bad_db_create;

			/* the file is safely created; all that's left to
			 * do is write out the header and then we can call
			 * it a day.
			 */



			write(db, pub, sz(pub));
			write(db, salt, sz(salt));
			write(db, priv_enc, sz(priv_enc));
			write(db, salt_enc, sz(salt_enc));
			close(db);

			alert(a_debug, "database created");
			break;
		}
	}

	

	/* char buf[len+1]; */
	/* *buf = 0; */
	/* mkpw(mode,buf,len); */
	/* write(1, buf, len + 1); */

#	ifdef _CLIPBOARD
		if (copy_pw) {
			/* copy(buf,len); */
		}
#	endif
	
	return ok;







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







 







|







>
>
>
>
>
>
>
>
>
>
|

>
>
>
>
>
>
>
>
>
>








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







 







|







 







>


>

>







>
>



>
>

>

>





>







 







>
>
>











<
<
<
<
<
<
<







339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
...
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
...
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
...
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
...
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690







691
692
693
694
695
696
697
	} else {
		printf("path is %s", dbpath);
		db = open(dbpath, flags, 0600);
	}

	return db;
}

void bytedump(uint8_t* bytes, size_t sz) {
	for (size_t i = 0; i < sz; ++i) {
		char tpl[] ="\x1b[35m \x1b[m";
		char* c = tpl + 5;
		*c = bytes[i];
		if (*c < ' ' || *c > '~') *c='.', write(2, tpl, sz(tpl));
		else write(2, c, 1);
	}
}
void hexdump(uint8_t* bytes, size_t sz) {
	if(!_g_debug_msgs) return;
	alert(a_debug, "printing hex dump");
	uint8_t* st = bytes;
	for (size_t i = 0; i < sz; ++i) {
		char hex[5] = "    ";
		kitoa(16, bytes[i], hex, hex + 2, NULL, true);
		write(2, hex, 4);
		if(!((i+1)%8)) {
			write(2, _str("│ "));
			bytedump(st, 8);
			write(2, "\n", 1);
			st += 8;
		} else if (i == sz - 1) {
			write(2, _str("│ "));
			bytedump(st, (bytes + sz) - st);
			write(2, "\n", 1);
		}
	}
}

int
kpw(int argc, const char** argv) {
	if (argc == 0) return bad_insane;
	_g_binary_name = argv[0];

	enum genmode
................................................................................
					alert(a_debug, "converting length parameter to integer");
					bad e = katoi(10, prm, &len);
					if (e != ok) return bad_num;
				} else alert(a_debug, "using default password length"),
				       len = default_pw_len;

				alert(a_debug, "generating new password");
				if (mkpw(mode, pw, len) == bad_entropy) return bad_entropy;
				if (print || !tty_out) {
					write(1, pw, len);
					if(tty_out) write(1, "\n", 1);
				}
				pwlen = len;
			}
			if (copy_pw) copy(pw, pwlen);
			alert(a_debug, "encoding database entry");
			uint8_t acctlen = strlen(acct);
			uint8_t plaintext[1 + acctlen +
			                  1 + pwlen];
			plaintext[0] = acctlen;
			strncpy(plaintext + 1, acct, acctlen);
			plaintext[1 + acctlen] = pwlen;
			strncpy(plaintext + acctlen + 2, pw, pwlen);
			hexdump(plaintext, sz(plaintext));

			alert(a_debug, "enciphering database entry");

			uint8_t ciphertext[sz(plaintext) + crypto_box_SEALBYTES];
			crypto_box_seal(ciphertext, plaintext, sz(plaintext), key);
			hexdump(ciphertext, sz(ciphertext));

			alert(a_debug, "writing ciphertext to db");
			uint8_t ciphertext_len = sz(ciphertext);
			write(db, &ciphertext_len, 1);
			write(db, &ciphertext, ciphertext_len);
			
			close(db);
			break;
		}

		case delpw:{ /* kpw -d <acct> */
			break;
		}

		case lspw: { /* kpw -t[p] [<prefix>] */
			alert(a_debug, "opening database for reading");
			int db = dbopen(O_RDONLY);
			if (db == -1) return bad_db_load;
			password dbpw; size_t pwlen;
			bad e = pwread(!print, dbpw, &pwlen,_str("database key: "));

			uint8_t salt     [crypto_pwhash_SALTBYTES],
			        key      [db_privkey_len],
			        priv_enc [db_privkey_len],
			        priv     [db_privkey_len],
					pub      [db_pubkey_len];
			uint8_t salt_enc [crypto_box_SEALBYTES + sz(salt)],
			        salt_dec [sz(salt)];
			bzero(salt_dec, sz(salt_dec));

			alert(a_debug, "loading public key");
			ssize_t sr = read(db, pub, sz(pub));
			if (sr != sz(pub)) return bad_db_corrupt;
			hexdump(pub, sz(pub));

			alert(a_debug, "loading password salt");
			sr = read(db, salt, sz(salt));
			if (sr != sz(salt)) return bad_db_corrupt;
			hexdump(salt, sz(salt));
			
			alert(a_debug, "deriving secret");
			if(crypto_pwhash(key, sz(key), dbpw, pwlen, salt,
					crypto_pwhash_OPSLIMIT_INTERACTIVE,
					crypto_pwhash_MEMLIMIT_INTERACTIVE,
					crypto_pwhash_ALG_DEFAULT) != 0) {
				return bad_mem;
			}
			hexdump(key, sz(key));

			alert(a_debug, "loading encrypted private key");
			read(db, priv_enc, sz(priv_enc));
			hexdump(priv_enc, sz(priv_enc));

			alert(a_debug, "decrypting private key");
			for (size_t i = 0; i < sz(key); ++i) {
				priv[i] = priv_enc[i] ^ key[i];
			}
			hexdump(priv, sz(priv));

			alert(a_debug, "loading verification hash");
			read(db, salt_enc, sz(salt_enc));
			hexdump(salt_enc, sz(salt_enc));

			alert(a_debug, "decrypting verification hash");
			hexdump(pub, sz(pub));
			hexdump(priv, sz(priv));
			printf("sz salt_enc = %zu\n / crypto_box bytes = %zu", sz(salt_enc), crypto_box_SEALBYTES);
			int r = crypto_box_seal_open(salt_dec, salt_enc,
					sz(salt_enc), pub, priv);
			printf("result code: %d\n",r);
			hexdump(salt_dec, sz(salt_dec));
			break;
		}

		case createdb: { /* kpw -C [<db>] */
			alert(a_debug, "creating new database");
			if (clobber)
				alert(a_warn, "will clobber any existing database");
................................................................................
			 * prompt  the user for a secret  passphrase with
			 * which to encrypt the private key with.
			 */

			alert(a_notice, "database keypair generated, encrypting");
			password dbpw;
			size_t pwlen;
			bad e = pwread(!print, dbpw, &pwlen, _str("- new database key: "));
			if (e != ok) return e;
			if (!print && isatty(0)) {
				password dbpw_conf;
				e = pwread(!print, dbpw_conf, NULL, _str("- confirm: "));
				if (e != ok) return e;

				if(strcmp(dbpw,dbpw_conf) != 0)
................................................................................
					return bad_pw_match;
			}

			uint8_t salt[crypto_pwhash_SALTBYTES],
			         key[db_privkey_len];
			uint8_t salt_enc[crypto_box_SEALBYTES + sz(salt)];

			alert(a_debug, "generating salt");
			if (syscall(SYS_getrandom, salt, sz(salt), 0) == -1)
				return bad_entropy;
			hexdump(salt, sz(salt));

			alert(a_debug, "hashing database keyphrase");
			if(crypto_pwhash(key, sz(key), dbpw, pwlen, salt,
					crypto_pwhash_OPSLIMIT_INTERACTIVE,
					crypto_pwhash_MEMLIMIT_INTERACTIVE,
					crypto_pwhash_ALG_DEFAULT) != 0) {
				return bad_mem;
			}

			alert(a_debug, "encrypting private key");
			hexdump(priv, sz(priv));
			for (size_t i = 0; i < sz(key); ++i) {
				priv_enc[i] = priv[i] ^ key[i];
			}
			alert(a_debug, "private key encrypted");
			hexdump(priv_enc, sz(priv_enc));

			alert(a_debug, "encrypting salt");
			crypto_box_seal(salt_enc, salt, sz(salt), priv);
			hexdump(salt_enc, sz(salt_enc));

			/* we have everything we need. now we create the
			 * file, failing  if it already exists so as not
			 * to clobber anyone's passwords.
			 */
			alert(a_debug, "creating new database on disk");
			int db;
			const int flags = O_CREAT | O_WRONLY |
				(clobber ? O_TRUNC : O_EXCL);
			if(param == 0)
				db = dbopen(flags);
			else if (param == 1)
				db = open(params[0], flags, 0600);
................................................................................

			if (db == -1) return bad_db_create;

			/* the file is safely created; all that's left to
			 * do is write out the header and then we can call
			 * it a day.
			 */
			alert(a_debug, "writing public key");
			hexdump(pub, sz(pub));

			write(db, pub, sz(pub));
			write(db, salt, sz(salt));
			write(db, priv_enc, sz(priv_enc));
			write(db, salt_enc, sz(salt_enc));
			close(db);

			alert(a_debug, "database created");
			break;
		}
	}








#	ifdef _CLIPBOARD
		if (copy_pw) {
			/* copy(buf,len); */
		}
#	endif
	
	return ok;