Overview
| Comment: | my monster liiiiives |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
5089ec59d3defea859326376fc3e5d4e |
| User & Date: | lexi on 2019-08-15 12:31:05 |
| Other Links: | manifest | tags |
Context
|
2019-08-15
| ||
| 23:49 | fix missing return that was breaking build under clang, add ability to delete records check-in: 178e52ca55 user: lexi tags: trunk | |
| 12:31 | my monster liiiiives check-in: 5089ec59d3 user: lexi tags: trunk | |
| 11:24 | FUCK THIS SHIT check-in: 218f1d20c2 user: lexi tags: trunk | |
Changes
Modified kpw.d/errtab from [59271087af] to [763d2287dd].
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
user kpw started as wrong user option unrecognized option passed syntax invalid invocation syntax entropy could not acquire entropy copy could not copy password pipe could not create pipe insane your environment is not sane db_create database could not be created db_load database could not be read db_corrupt database corrupt cancel user canceled operation notice pw invalid password pw_match passwords do not match usage usage displayed to user debug 64 lib unspecified library error fatal 128 lib_sodium_init could not initialize libsodium |
> |
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
user kpw started as wrong user
option unrecognized option passed
syntax invalid invocation syntax
entropy could not acquire entropy
copy could not copy password
pipe could not create pipe
insane your environment is not sane
index no such entry in database
db_create database could not be created
db_load database could not be read
db_corrupt database corrupt
cancel user canceled operation notice
pw invalid password
pw_match passwords do not match
usage usage displayed to user debug 64
lib unspecified library error fatal 128
lib_sodium_init could not initialize libsodium
|
Modified kpw.d/kpw.c from [22f71ce9d0] to [7a6fbd2214].
232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 ... 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 ... 349 350 351 352 353 354 355 356 357 358 359 360 361 362 ... 369 370 371 372 373 374 375 376 377 378 379 380 381 382 ... 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 ... 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 ... 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 |
pstr account;
pstr pw;
};
enum term_clear {term_clear_line,
term_clear_screen};
void term_clear(enum term_clear behavior) {
switch(behavior) {
case term_clear_line: write(1,"\r\x1b[2K",5); break;
case term_clear_screen: write(1,"\r\x1b[3J",5); break;
}
}
void term_bell() {
write(1,"\a",1);
}
typedef char password[kpw_db_pw_max + 1];
bad pwread(bool obscure, char* dest, size_t* out_len, const char* prompt, const size_t plen) {
if (isatty(0)) {
struct termios initial; {
/* in order to take PW input, we need to shut
* off echo and canonical mode. now we're in
* charge of reading each keypress. */
tcgetattr(1, &initial);
struct termios nt = initial;
nt.c_lflag &= (~ECHO & ~ICANON);
tcsetattr(1, TCSANOW, &nt);
}
*dest = 0;
char* p = dest;
do {
term_clear(term_clear_line);
if (_g_term_type[1] >= ansi_term) write(1, "\x1b[1m", 4);
write(1, prompt, plen);
if (_g_term_type[1] >= ansi_term) write(1, "\x1b[21m", 5);
if (obscure) for(size_t i = 0; i < p - dest; ++i)
write(1, "*", 1);
else write(1, dest, p-dest);
char c;
if (read(0, &c, 1) == 1) {
switch (c) {
case '\n': case '\r':
/* accept pw */
if (p > dest) goto end_read_loop;
else break;
case '\x1b': /* escape */
term_clear(term_clear_line);
return bad_cancel;
case '\b': case '\x7f':
if (p > dest) *p--=0;
else term_bell();
break;
default:
if (p - dest != 64) *p++=c;
else term_bell();
}
} else {
/* either EOF or an error - either way,
* we're finished here */
break;
}
} while(1);
end_read_loop: term_clear(term_clear_line);
*p = 0;
if (out_len!=NULL) *out_len = p - dest;
/* return the terminal to normal */
tcsetattr(1, TCSANOW, &initial);
} else {
alert(a_warn, "reading pw from standard input");
ssize_t ct = read(0, dest, kpw_db_pw_max);
dest[ct] = 0;
}
}
#include <stdio.h>
int
dbopen(int flags) {
const char* dbpath = getenv("kpw_db");
int db;
if (dbpath == NULL) {
const char* cfg = getenv("XDG_CONFIG_HOME");
if (cfg == NULL) {
................................................................................
char buf[cfglen + path[1].len + 1];
bzero(buf, sz(buf));
impose(path, sz(path), NULL, buf);
db = open(buf, flags, 0600);
}
} else {
printf("path is %s", dbpath);
db = open(dbpath, flags, 0600);
}
return db;
}
void bytedump(uint8_t* bytes, size_t sz) {
................................................................................
char tpl[] ="\x1b[35m \x1b[m";
char* c = tpl + 5;
*c = bytes[i];
if (*c < ' ' || *c > '~') *c='.', write(2, tpl, sz(tpl));
else write(2, c, 1);
}
}
void hexdump(uint8_t* bytes, size_t sz) {
if(!_g_debug_msgs) return;
alert(a_debug, "printing hex dump");
uint8_t* st = bytes;
for (size_t i = 0; i < sz; ++i) {
char hex[5] = " ";
kitoa(16, bytes[i], hex, hex + 2, NULL, true);
................................................................................
} else if (i == sz - 1) {
write(2, _str("│ "));
bytedump(st, (bytes + sz) - st);
write(2, "\n", 1);
}
}
}
int
kpw(int argc, const char** argv) {
if (argc == 0) return bad_insane;
_g_binary_name = argv[0];
enum genmode
................................................................................
return bad_usage;
}
if (sodium_init() < 0)
return bad_lib_sodium_init;
switch(op) {
case getpw:{ /* kpw <acct> */
break;
}
case genpw: /* kpw -g[lmu] <acct> [<len>] */
case addpw: { /* kpw -a <acct> [<pw>] */
if (param > 2 || param < 1) return bad_syntax;
const char* acct = params[0],
* prm = (param == 2 ? params[1] : NULL);
alert(a_debug, "opening database");
................................................................................
break;
}
case delpw:{ /* kpw -d <acct> */
break;
}
case lspw: { /* kpw -t[p] [<prefix>] */
alert(a_debug, "opening database for reading");
int db = dbopen(O_RDONLY);
if (db == -1) return bad_db_load;
password dbpw; size_t pwlen;
bad e = pwread(!print, dbpw, &pwlen,_str("database key: "));
uint8_t salt [crypto_pwhash_SALTBYTES],
key [db_privkey_len],
priv_enc [db_privkey_len],
priv [db_privkey_len],
pub [db_pubkey_len];
uint8_t salt_enc [crypto_box_SEALBYTES + sz(salt)],
salt_dec [sz(salt)];
bzero(salt_dec, sz(salt_dec));
alert(a_debug, "loading public key");
ssize_t sr = read(db, pub, sz(pub));
if (sr != sz(pub)) return bad_db_corrupt;
hexdump(pub, sz(pub));
alert(a_debug, "loading password salt");
sr = read(db, salt, sz(salt));
if (sr != sz(salt)) return bad_db_corrupt;
hexdump(salt, sz(salt));
alert(a_debug, "deriving secret");
if(crypto_pwhash(key, sz(key), dbpw, pwlen, salt,
crypto_pwhash_OPSLIMIT_INTERACTIVE,
crypto_pwhash_MEMLIMIT_INTERACTIVE,
crypto_pwhash_ALG_DEFAULT) != 0) {
return bad_mem;
}
hexdump(key, sz(key));
alert(a_debug, "loading encrypted private key");
read(db, priv_enc, sz(priv_enc));
hexdump(priv_enc, sz(priv_enc));
alert(a_debug, "decrypting private key");
for (size_t i = 0; i < sz(key); ++i) {
priv[i] = priv_enc[i] ^ key[i];
}
hexdump(priv, sz(priv));
alert(a_debug, "loading verification hash");
read(db, salt_enc, sz(salt_enc));
hexdump(salt_enc, sz(salt_enc));
alert(a_debug, "decrypting verification hash");
hexdump(pub, sz(pub));
hexdump(priv, sz(priv));
printf("sz salt_enc = %zu\n / crypto_box bytes = %zu", sz(salt_enc), crypto_box_SEALBYTES);
int r = crypto_box_seal_open(salt_dec, salt_enc,
sz(salt_enc), pub, priv);
printf("result code: %d\n",r);
hexdump(salt_dec, sz(salt_dec));
break;
}
case createdb: { /* kpw -C [<db>] */
alert(a_debug, "creating new database");
if (clobber)
alert(a_warn, "will clobber any existing database");
/* before we open our new file, we need to generate
................................................................................
for (size_t i = 0; i < sz(key); ++i) {
priv_enc[i] = priv[i] ^ key[i];
}
alert(a_debug, "private key encrypted");
hexdump(priv_enc, sz(priv_enc));
alert(a_debug, "encrypting salt");
crypto_box_seal(salt_enc, salt, sz(salt), priv);
hexdump(salt_enc, sz(salt_enc));
/* we have everything we need. now we create the
* file, failing if it already exists so as not
* to clobber anyone's passwords.
*/
alert(a_debug, "creating new database on disk");
|
| | | | | > > > > | | | | | | | | | | | | | > > < < > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > < < | < | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | > > > > > > > > > > > > > > > > | |
232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 ... 338 339 340 341 342 343 344 345 346 347 348 349 350 351 ... 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 ... 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 ... 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 ... 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 ... 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 |
pstr account;
pstr pw;
};
enum term_clear {term_clear_line,
term_clear_screen};
void term_clear(int tty, enum term_clear behavior) {
switch(behavior) {
case term_clear_line: write(tty,"\r\x1b[2K",5); break;
case term_clear_screen: write(tty,"\r\x1b[3J",5); break;
}
}
void term_bell(int tty) {
write(tty,"\a",1);
}
typedef char password[kpw_db_pw_max + 1];
bad pwread(bool obscure, char* dest, size_t* out_len, const char* prompt, const size_t plen) {
if (isatty(0)) {
int tty = 1;
if (!isatty(tty)) tty = open("/dev/tty", O_WRONLY);
if (tty == -1) return bad_insane;
struct termios initial; {
/* in order to take PW input, we need to shut
* off echo and canonical mode. now we're in
* charge of reading each keypress. */
tcgetattr(tty, &initial);
struct termios nt = initial;
nt.c_lflag &= (~ECHO & ~ICANON);
tcsetattr(tty, TCSANOW, &nt);
}
*dest = 0;
char* p = dest;
do {
term_clear(tty,term_clear_line);
if (_g_term_type[0] >= ansi_term) write(tty, "\x1b[1m", 4);
write(tty, prompt, plen);
if (_g_term_type[0] >= ansi_term) write(tty, "\x1b[21m", 5);
if (obscure) for(size_t i = 0; i < p - dest; ++i)
write(tty, "*", 1);
else write(tty, dest, p-dest);
char c;
if (read(0, &c, 1) == 1) {
switch (c) {
case '\n': case '\r':
/* accept pw */
if (p > dest) goto end_read_loop;
else break;
case '\x1b': /* escape */
term_clear(tty, term_clear_line);
return bad_cancel;
case '\b': case '\x7f':
if (p > dest) *p--=0;
else term_bell(tty);
break;
default:
if (p - dest != 64) *p++=c;
else term_bell(tty);
}
} else {
/* either EOF or an error - either way,
* we're finished here */
break;
}
} while(1);
end_read_loop: term_clear(tty, term_clear_line);
*p = 0;
if (out_len!=NULL) *out_len = p - dest;
/* return the terminal to normal */
tcsetattr(tty, TCSANOW, &initial);
if (tty != 1) close(tty);
} else {
alert(a_warn, "reading pw from standard input");
ssize_t ct = read(0, dest, kpw_db_pw_max);
dest[ct] = 0;
}
}
int
dbopen(int flags) {
const char* dbpath = getenv("kpw_db");
int db;
if (dbpath == NULL) {
const char* cfg = getenv("XDG_CONFIG_HOME");
if (cfg == NULL) {
................................................................................
char buf[cfglen + path[1].len + 1];
bzero(buf, sz(buf));
impose(path, sz(path), NULL, buf);
db = open(buf, flags, 0600);
}
} else {
db = open(dbpath, flags, 0600);
}
return db;
}
void bytedump(uint8_t* bytes, size_t sz) {
................................................................................
char tpl[] ="\x1b[35m \x1b[m";
char* c = tpl + 5;
*c = bytes[i];
if (*c < ' ' || *c > '~') *c='.', write(2, tpl, sz(tpl));
else write(2, c, 1);
}
}
void hexdump(uint8_t* bytes, size_t sz) {
if(!_g_debug_msgs) return;
alert(a_debug, "printing hex dump");
uint8_t* st = bytes;
for (size_t i = 0; i < sz; ++i) {
char hex[5] = " ";
kitoa(16, bytes[i], hex, hex + 2, NULL, true);
................................................................................
} else if (i == sz - 1) {
write(2, _str("│ "));
bytedump(st, (bytes + sz) - st);
write(2, "\n", 1);
}
}
}
enum bad
dbdecrypt(int db, uint8_t* pubkey, uint8_t* privkey) {
password dbpw; size_t pwlen;
bad e = pwread(true, dbpw, &pwlen,_str("database key: "));
uint8_t salt [crypto_pwhash_SALTBYTES],
key [db_privkey_len],
priv_enc [db_privkey_len],
priv [db_privkey_len],
pub [db_pubkey_len];
uint8_t salt_enc [crypto_box_SEALBYTES + sz(salt)],
salt_dec [sz(salt)];
alert(a_debug, "loading public key");
ssize_t sr = read(db, pub, sz(pub));
if (sr != sz(pub)) return bad_db_corrupt;
hexdump(pub, sz(pub));
alert(a_debug, "loading password salt");
sr = read(db, salt, sz(salt));
if (sr != sz(salt)) return bad_db_corrupt;
hexdump(salt, sz(salt));
alert(a_debug, "deriving secret");
if(crypto_pwhash(key, sz(key), dbpw, pwlen, salt,
crypto_pwhash_OPSLIMIT_INTERACTIVE,
crypto_pwhash_MEMLIMIT_INTERACTIVE,
crypto_pwhash_ALG_DEFAULT) != 0) {
return bad_mem;
}
hexdump(key, sz(key));
alert(a_debug, "loading encrypted private key");
read(db, priv_enc, sz(priv_enc));
hexdump(priv_enc, sz(priv_enc));
alert(a_debug, "decrypting private key");
for (size_t i = 0; i < sz(key); ++i) {
priv[i] = priv_enc[i] ^ key[i];
}
hexdump(priv, sz(priv));
alert(a_debug, "loading verification hash");
read(db, salt_enc, sz(salt_enc));
hexdump(salt_enc, sz(salt_enc));
alert(a_debug, "decrypting verification hash");
int r = crypto_box_seal_open(salt_dec, salt_enc,
sz(salt_enc), pub, priv);
if (r != 0) return bad_pw;
hexdump(salt_dec, sz(salt_dec));
if (memcmp(salt,salt_dec,sz(salt)) != 0) return bad_db_corrupt;
/* TODO refactor to avoid unnecessary memcpy */
memcpy(privkey, priv, sz(priv));
memcpy(pubkey, pub, sz(pub));
return ok;
}
#include<stdio.h>
void bright(int fd, const char* str, size_t len) {
if (_g_term_type[fd] >= ansi_term) write(fd, _str("\x1b[1m"));
write(fd, str, len);
if (_g_term_type[fd] >= ansi_term) write(fd, _str("\x1b[21m"));
}
int
kpw(int argc, const char** argv) {
if (argc == 0) return bad_insane;
_g_binary_name = argv[0];
enum genmode
................................................................................
return bad_usage;
}
if (sodium_init() < 0)
return bad_lib_sodium_init;
switch(op) {
case genpw: /* kpw -g[lmu] <acct> [<len>] */
case addpw: { /* kpw -a <acct> [<pw>] */
if (param > 2 || param < 1) return bad_syntax;
const char* acct = params[0],
* prm = (param == 2 ? params[1] : NULL);
alert(a_debug, "opening database");
................................................................................
break;
}
case delpw:{ /* kpw -d <acct> */
break;
}
case getpw: /* kpw <acct> */
case lspw: { /* kpw -t[p] [<prefix>] */
alert(a_debug, "opening database for reading");
int db = dbopen(O_RDONLY);
if (db == -1) return bad_db_load;
const char* target;
if (param == 1) target = params[0];
else if (param == 0) target = NULL;
else return bad_syntax;
uint8_t priv [db_privkey_len],
pub [db_pubkey_len];
/* try to decrypt db */ {
bad e = dbdecrypt(db,pub,priv);
if (e != ok) return e;
/* TODO allow multiple tries */
}
/* cursor should now be positioned
* on first record */
alert(a_debug, "beginning to scan records");
read_rec: {
uint8_t acctlen;
if (read(db, &acctlen, 1) != 1)
goto done_reading;
uint8_t ciphertext[acctlen];
if (read(db, &ciphertext, acctlen) != acctlen)
return bad_db_corrupt;
alert(a_debug, "scanned record");
hexdump(ciphertext, sz(ciphertext));
uint8_t plaintext[sz(ciphertext) - crypto_box_SEALBYTES];
if(crypto_box_seal_open(plaintext, ciphertext, sz(ciphertext), pub, priv) != 0)
return bad_db_corrupt;
alert(a_debug, "record deciphered");
hexdump(plaintext, sz(plaintext));
uint8_t record_name_len = plaintext[0],
record_pw_len = plaintext[record_name_len + 1];
pstr record_name = {record_name_len, plaintext + 1},
record_pw = {record_pw_len,
plaintext + record_name_len + 2};
if(op == lspw) {
bright(1, record_name.ptr, record_name.len);
if (print || !isatty(1)) {
write(1, ": ", 2);
write(1, record_pw.ptr, record_pw.len);
}
write(1, "\n", 1);
} else if (op == getpw) {
if (strncmp(record_name.ptr,target,record_name.len) == 0) {
if (print || _g_term_type[1] == plain_term) {
write(1, record_pw.ptr, record_pw.len);
if(_g_term_type[1] > plain_term)
write(1, "\n", 1);
}
if (_g_term_type[1] > plain_term) {
if (copy_pw) copy(record_pw.ptr, record_pw.len);
}
goto done_reading;
}
}
goto read_rec;
}
return bad_index;
done_reading: break;
}
case createdb: { /* kpw -C [<db>] */
alert(a_debug, "creating new database");
if (clobber)
alert(a_warn, "will clobber any existing database");
/* before we open our new file, we need to generate
................................................................................
for (size_t i = 0; i < sz(key); ++i) {
priv_enc[i] = priv[i] ^ key[i];
}
alert(a_debug, "private key encrypted");
hexdump(priv_enc, sz(priv_enc));
alert(a_debug, "encrypting salt");
crypto_box_seal(salt_enc, salt, sz(salt), pub);
hexdump(salt_enc, sz(salt_enc));
/* we have everything we need. now we create the
* file, failing if it already exists so as not
* to clobber anyone's passwords.
*/
alert(a_debug, "creating new database on disk");
|