// SPDX-License-Identifier: MPL-2.0 #include #include extern "C" { #include "api.h" #include "argon2.h" #include "sha3.h" } #undef str #include #include #include #include #include #include #include #include #include #include #include #include #include #include using namespace std; namespace fs=filesystem; void secure_erase(void *address,size_t size) { explicit_bzero(address,size); } vector get_urandom(size_t n) { vector out(n); ifstream urandom("/dev/urandom",ios::binary); if (!urandom.is_open()) { throw runtime_error("open"); } urandom.read(reinterpret_cast(out.data()),n); if (urandom.gcount()!=static_cast(n)) { throw runtime_error("error"); } return out; } int main(int argc,char **argv) { ofstream core("/proc/self/coredump_filter"); if (!core) { cout<<"[Keygen] Error: can't setup security."< files; if (argc>1) { for (int i=1;i fbuf; vector sigsbuf(files.size()*CRYPTO_BYTES); vector pksbuf(files.size()*CRYPTO_PUBLICKEYBYTES); if (mlock(sigsbuf.data(),sigsbuf.size())!=0) { cout<<"[Keygen] Error: can't setup security."<(fbuf.data()),size)) { cout<<"[Keygen] Error: can't read file: "< hash(64); sha3(fbuf.data(),size,hash.data(),hash.size()); if (crypto_sign_signature(sig,&siglen,hash.data(),hash.size(),sk)) { cout<<"[Keygen] Error: can't generate signature for file: "<(sigsbuf.data()+i*CRYPTO_BYTES),CRYPTO_BYTES); sigfile.close(); if (set_files_to_user && user_info) { if (chown(sigpath.c_str(),user_info->pw_uid,user_info->pw_gid)!=0) { cout<<"[Keygen] Warning: couldn't change file "< passhex; passhex.resize(num); try { passhex=get_urandom(num); } catch (const exception e) { if (string(e.what())=="open") { cout<<"[Keygen] Error: can't open secure source of randomness."<(byte); } password=oss.str(); secure_erase(passhex.data(),passhex.size()); } else if (strlen(pwd)<=512){ password=string(pwd); char* confirm_pwd=getpass("[Keygen] Confirm password: "); string confirm_password(confirm_pwd); if (confirm_password!=password) { cout<<"[Keygen] Error: password don't correspond. Please try again."<=0x80) { cout<<"[Keygen] Error: one character isn't ASCII."<=0x80) { cout<<"[Keygen] Error: one character isn't ASCII."< passutf16(password.size()*2); for (int i=0;i salt(32); salt=get_urandom(32); vector seed; seed.resize(CRYPTO_SEEDBYTES); if (argon2id_hash_raw(3,262144,1,passutf16.data(),passutf16.size(),salt.data(),salt.size(),seed.data(),CRYPTO_SEEDBYTES)!=0) { cout<<"[Keygen] Error: can't generate seed from password."<\nUINT8 bp_key_mainsig["<pw_uid,user_info->pw_gid)!=0) { cout<<"[Keygen] Warning: couldn't change file \""<pw_uid,user_info->pw_gid)!=0) { cout<<"[Keygen] Warning: couldn't change file \""<