nihilist/mkp224o
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

near passkeys skip/warn modes & help tweak

Browse Source
This commit is contained in:
cathugger 2023-09-06 01:00:04 +03:00
parent 42e4d3a5fc
commit 80e1bd0b47
No known key found for this signature in database
GPG Key ID: 9BADDA2DAF6F01A8
5 changed files with 72 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
main.c
View File

@ -96,43 +96,49 @@ static void printhelp(FILE *out,const char *progname)
" %s -f FILTERFILE [OPTION]\n"
"Options:\n"
" -f FILTERFILE specify filter file which contains filters separated\n"
" by newlines\n"
" -D deduplicate filters\n"
" -q do not print diagnostic output to stderr\n"
" -x do not print onion names\n"
" -v print more diagnostic data\n"
" -o FILENAME output onion names to specified file (append)\n"
" -O FILENAME output onion names to specified file (overwrite)\n"
" -F include directory names in onion names output\n"
" -d DIRNAME output directory\n"
" by newlines.\n"
" -D deduplicate filters.\n"
" -q do not print diagnostic output to stderr.\n"
" -x do not print onion names.\n"
" -v print more diagnostic data.\n"
" -o FILENAME output onion names to specified file (append).\n"
" -O FILENAME output onion names to specified file (overwrite).\n"
" -F include directory names in onion names output.\n"
" -d DIRNAME output directory.\n"
" -t NUMTHREADS specify number of threads to utilise\n"
" (default - try detecting CPU core count)\n"
" -j NUMTHREADS same as -t\n"
" -n NUMKEYS specify number of keys (default - 0 - unlimited)\n"
" -N NUMWORDS specify number of words per key (default - 1)\n"
" -Z deprecated, does nothing\n"
" -z deprecated, does nothing\n"
" -B use batching key generation method (current default)\n"
" -s print statistics each 10 seconds\n"
" -S SECONDS print statistics every specified amount of seconds\n"
" -T do not reset statistics counters when printing\n"
" (default - try detecting CPU core count).\n"
" -j NUMTHREADS same as -t.\n"
" -n NUMKEYS specify number of keys (default - 0 - unlimited).\n"
" -N NUMWORDS specify number of words per key (default - 1).\n"
" -Z deprecated, does nothing.\n"
" -z deprecated, does nothing.\n"
" -B use batching key generation method (current default).\n"
" -s print statistics each 10 seconds.\n"
" -S SECONDS print statistics every specified amount of seconds.\n"
" -T do not reset statistics counters when printing.\n"
" -y output generated keys in YAML format instead of\n"
" dumping them to filesystem\n"
" dumping them to filesystem.\n"
" -Y [FILENAME [host.onion]]\n"
" parse YAML encoded input and extract key(s) to\n"
" filesystem\n"
" filesystem.\n"
#ifdef PASSPHRASE
" -p PASSPHRASE use passphrase to initialize the random seed with\n"
" -p PASSPHRASE use passphrase to initialize the random seed with.\n"
" -P same as -p, but takes passphrase from PASSPHRASE\n"
" environment variable\n"
" environment variable.\n"
" --checkpoint filename\n"
" load/save checkpoint of progress to specified file\n"
" (requires passphrase)\n"
" (requires passphrase).\n"
" --skipnear skip near passphrase keys; you probably want this\n"
" because of improved safety unless you're trying to\n"
" regenerate an old key; possible future default.\n"
" --warnnear print warning about passphrase key being near another\n"
" (safety hazard); prefer --skipnear to this unless\n"
" you're regenerating an old key.\n"
#endif
" --rawyaml raw (unprefixed) public/secret keys for -y/-Y\n"
" (may be useful for tor controller API)\n"
" -h, --help, --usage print help to stdout and quit\n"
" -V, --version print version information to stdout and exit\n"
" (may be useful for tor controller API).\n"
" -h, --help, --usage print help to stdout and quit.\n"
" -V, --version print version information to stdout and exit.\n"
,progname,progname);
fflush(out);
}
@ -332,6 +338,10 @@ int main(int argc,char **argv)
else
e_additional();
}
else if (!strcmp(arg,"skipnear"))
pw_skipnear = 1;
else if (!strcmp(arg,"warnnear"))
pw_warnnear = 1;
#endif // PASSPHRASE
else {
fprintf(stderr,"unrecognised argument: --%s\n",arg);
@ -597,8 +607,13 @@ int main(int argc,char **argv)
#ifdef PASSPHRASE
if (deterministic) {
if (!quietflag && numneedgenerate != 1)
fprintf(stderr,"CAUTION: avoid using keys generated with same password for unrelated services, as single leaked key may help attacker to regenerate related keys.\n");
if (!quietflag && numneedgenerate != 1 && !pw_skipnear && !pw_warnnear)
fprintf(stderr,
// 0 1 2 3 4 5 6 7
// 01234567890123456789012345678901234567890123456789012345678901234567890123456789
"CAUTION: avoid using keys generated with the same password for unrelated\n"
" services, as single leaked key may help an attacker to regenerate\n"
" related keys; to silence this warning, pass --skipnear or --warnnear.\n");
if (checkpointfile) {
memcpy(orig_determseed,determseed,sizeof(determseed));
// Read current checkpoint position if file exists

11
worker.c
View File

@ -58,6 +58,8 @@ size_t workdirlen = 0;
pthread_mutex_t determseed_mutex;
u8 determseed[SEED_LEN];
int pw_skipnear = 0;
int pw_warnnear = 0;
#endif
@ -71,7 +73,7 @@ char *makesname(void)
return sname;
}
static void onionready(char *sname,const u8 *secret,const u8 *pubonion)
static void onionready(char *sname,const u8 *secret,const u8 *pubonion,int warnnear)
{
if (endwork)
return;
@ -122,6 +124,13 @@ static void onionready(char *sname,const u8 *secret,const u8 *pubonion)
}
if (fout) {
pthread_mutex_lock(&fout_mutex);
#ifdef PASSPHRASE
const char * const pwarn = " warn:near\n";
if (warnnear)
strcpy(&sname[onionendpos],pwarn);
const size_t oprintlen = printlen;
const size_t printlen = oprintlen + (warnnear ? strlen(pwarn)-1 : 0);
#endif
fwrite(&sname[printstartpos],printlen,1,fout);
fflush(fout);
pthread_mutex_unlock(&fout_mutex);

2
worker.h
View File

@ -33,6 +33,8 @@ VEC_STRUCT(statsvec,struct statstruct);
#ifdef PASSPHRASE
extern pthread_mutex_t determseed_mutex;
extern u8 determseed[SEED_LEN];
extern int pw_skipnear;
extern int pw_warnnear;
#endif
extern void worker_init(void);

2
worker_batch.inc.h
View File

@ -102,7 +102,7 @@ initseed:
pk[PUBLIC_LEN + 2] = 0x03;
// full name
strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion");
onionready(sname,secret,pubonion.raw);
onionready(sname,secret,pubonion.raw,0);
pk[PUBLIC_LEN] = 0; // what is this for?
// don't reuse same seed
goto initseed;

18
worker_batch_pass.inc.h
View File

@ -38,17 +38,21 @@ void *CRYPTO_NAMESPACE(worker_batch_pass)(void *task)
sname = makesname();
int seednear;
initseed:
#ifdef STATISTICS
++st->numrestart.v;
#endif
seednear = 0;
pthread_mutex_lock(&determseed_mutex);
for (int i = 0; i < SEED_LEN; i++)
if (++determseed[i])
break;
memcpy(seed, determseed, SEED_LEN);
memcpy(seed,determseed,SEED_LEN);
pthread_mutex_unlock(&determseed_mutex);
ed25519_seckey_expand(sk,seed);
@ -112,8 +116,12 @@ initseed:
pk[PUBLIC_LEN + 2] = 0x03;
// full name
strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion");
onionready(sname,secret,pubonion.raw);
onionready(sname,secret,pubonion.raw,seednear && pw_warnnear);
pk[PUBLIC_LEN] = 0; // what is this for?
if (pw_skipnear)
goto initseed;
seednear = 1;
});
next:
;
@ -180,8 +188,12 @@ initseed:
pk[PUBLIC_LEN + 2] = 0x03;
// full name
strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion");
onionready(sname,secret,pubonion.raw);
onionready(sname,secret,pubonion.raw,seednear && pw_warnnear);
pk[PUBLIC_LEN] = 0; // what is this for?
if (pw_skipnear)
goto initseed;
seednear = 1;
});
next2:
;