diff options
| -rw-r--r-- | Makefile | 26 | ||||
| -rw-r--r-- | src/autopasswd.c | 81 |
2 files changed, 72 insertions, 35 deletions
@@ -3,17 +3,16 @@ # notice and this notice are preserved. This file is offered as-is, # without any warranty. -OPTIMISE = -Ofast +OPTIMISE = -O0 -WARN = -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self -Wmissing-include-dirs \ - -Wtrampolines -Wfloat-equal -Wshadow -Wmissing-prototypes -Wmissing-declarations \ - -Wredundant-decls -Wnested-externs -Winline -Wno-variadic-macros -Wsign-conversion \ - -Wswitch-default -Wconversion -Wsync-nand -Wunsafe-loop-optimizations -Wcast-align \ - -Wstrict-overflow -Wundef -Wbad-function-cast -Wcast-qual -Wwrite-strings -Wpacked \ - -Wlogical-op -Waggregate-return -Wstrict-prototypes -Wold-style-definition \ - -Wvector-operation-performance -Wunsuffixed-float-constants -Wsuggest-attribute=const \ - -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wsuggest-attribute=format \ - -Wnormalized=nfkc -pedantic -Wdeclaration-after-statement +WARN = -Wall -Wextra -pedantic -Wdouble-promotion -Wformat=2 -Winit-self -Wmissing-include-dirs \ + -Wtrampolines -Wfloat-equal -Wshadow -Wmissing-prototypes -Wmissing-declarations \ + -Wredundant-decls -Wnested-externs -Winline -Wno-variadic-macros -Wswitch-default \ + -Wsync-nand -Wunsafe-loop-optimizations -Wcast-align -Wstrict-overflow -Wundef \ + -Wbad-function-cast -Wcast-qual -Wpacked -Wlogical-op -Wstrict-prototypes -Wconversion \ + -Wold-style-definition -Wvector-operation-performance -Wunsuffixed-float-constants \ + -Wsuggest-attribute=const -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure \ + -Wsuggest-attribute=format -Wnormalized=nfkc -Wdeclaration-after-statement F_OPTS = -ftree-vrp -fstrict-aliasing -fipa-pure-const -fstack-usage -fstrict-overflow \ -funsafe-loop-optimizations -fno-builtin @@ -22,7 +21,7 @@ X = STD = c99 -FLAGS = $(OPTIMISE) -std=$(STD) $(WARN) $(F_OPTS) $(X) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -DWITH_C99 +FLAGS = $(OPTIMISE) -std=$(STD) $(F_OPTS) $(X) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -DWITH_C99 all: bin/autopasswd @@ -33,7 +32,12 @@ bin/autopasswd: obj/autopasswd.o obj/sha3.o obj/%.o: src/%.c src/sha3.h @mkdir -p obj + $(CC) $(FLAGS) $(WARN) -c -o $@ $< + +obj/sha3.o: src/sha3.c src/sha3.h + @mkdir -p obj $(CC) $(FLAGS) -c -o $@ $< + clean: -rm -r bin obj diff --git a/src/autopasswd.c b/src/autopasswd.c index 13b6f77..8582932 100644 --- a/src/autopasswd.c +++ b/src/autopasswd.c @@ -116,7 +116,7 @@ -static inline char* last_arg(char* arg) +static char* last_arg(char* arg) { return *(args_opts_get(arg) + (args_opts_get_count(arg) - 1)); } @@ -135,7 +135,6 @@ int main(int argc, char** argv) long keccak_state_size_ = KECCAK_STATE_SIZE; long keccak_capacity_ = keccak_state_size_ - (keccak_output_ << 1); long keccak_bitrate_ = keccak_state_size_ - keccak_capacity_; - long keccak_word_size_ = keccak_state_size_ / 25; long keccak_squeezes = KECCAK_SQUEEZES; int output__ = 0; int state_size__ = 0; @@ -149,13 +148,16 @@ int main(int argc, char** argv) long bitrate_, keccak_bitrate; long word_size_, keccak_word_size; long squeezes_; - char* site; + byte* site; char* passphrase; - uint8_t* digest; + byte* passphrase_hash; + int_fast8_t* digest; char* base64; size_t ptr64; size_t ptr; char* master_passphrase_hash; + size_t passphrase_n; + size_t site_n; /* Parse command line arguments. */ @@ -229,7 +231,7 @@ int main(int argc, char** argv) } if (args_opts_used("--clear-mode")) { - clear_mode = args_opts_get_count("--clear-mode"); + clear_mode = (int)args_opts_get_count("--clear-mode"); } if (args_opts_used("--verbose")) { @@ -237,7 +239,7 @@ int main(int argc, char** argv) } if (args_opts_used("--bump-level")) { - size_t n = args_opts_get_count("--bump-level"); + size_t n = (size_t)args_opts_get_count("--bump-level"); char** arr = args_opts_get("--bump-level"); char* arg; for (ptr = 0; ptr < n; ptr++) @@ -429,7 +431,7 @@ int main(int argc, char** argv) } /* Read site. */ - site = malloc(site_size * sizeof(char)); + site = malloc(site_size * sizeof(byte)); if (site == NULL) { perror(*argv); @@ -438,9 +440,19 @@ int main(int argc, char** argv) } fprintf(stderr, "%s", SITE_PROMPT_STRING); fflush(stderr); - for (ptr = 0;;) + for (site_n = 0;;) { int c = getchar(); + if (site_n == site_size) + { + site = realloc(site, (site_size <<= 1) * sizeof(byte)); + if (site == NULL) + { + perror(*argv); + passphrase_disable_echo(); + return 1; + } + } if (c == -1) { free(site); @@ -448,11 +460,8 @@ int main(int argc, char** argv) return 0; } if (c == '\n') - { - *(site + ptr) = 0; - break; - } - *(site + ptr++) = (char)c; + break; + *(site + site_n++) = (char)c; } /* Disable echoing. (Should be done as soon as possible after reading site.) */ @@ -479,21 +488,44 @@ int main(int argc, char** argv) /* Reset terminal settings. */ passphrase_reenable_echo(); + /* Measure passphrase length. */ + passphrase_n = strlen(passphrase); + + /* Translate password to sha3.h friendly format. */ + passphrase_hash = malloc((passphrase_n + 1) * sizeof(byte)); + if (passphrase_hash == NULL) + { + perror(*argv); + memset(passphrase, 0, passphrase_n * sizeof(char)); + free(passphrase); + return 1; + } + else + { + for (ptr = 0; ptr <= passphrase_n; ptr++) + *(passphrase_hash + ptr) = *(passphrase + ptr); + /* Wipe source password, however it is not yet secure to free it. (Should be done as sone as possible.) */ + memset(passphrase, 0, passphrase_n * sizeof(char)); + } + /* Hash and display master passphrase so hint the user whether it as typed correctly or not. */ master_passphrase_hash = malloc((MASTER_PASSPHRASE_KECCAK_OUTPUT * 2 + 1) * sizeof(char)); if (master_passphrase_hash == NULL) { perror(*argv); + memset(passphrase_hash, 0, passphrase_n * sizeof(byte)); + free(passphrase_hash); + free(passphrase); return 1; } - digest = sha3_digest(passphrase, strlen(passphrase), MASTER_PASSPHRASE_KECCAK_SQUEEZES == 1); + digest = sha3_digest(passphrase_hash, (long)passphrase_n, MASTER_PASSPHRASE_KECCAK_SQUEEZES == 1); if (MASTER_PASSPHRASE_KECCAK_SQUEEZES > 2) sha3_fastSqueeze(MASTER_PASSPHRASE_KECCAK_SQUEEZES - 2); if (MASTER_PASSPHRASE_KECCAK_SQUEEZES > 1) digest = sha3_squeeze(); for (ptr = 0; ptr < (MASTER_PASSPHRASE_KECCAK_OUTPUT + 7) / 8; ptr++) { - uint8_t v = *(digest + ptr); + uint8_t v = (uint8_t)*(digest + ptr); *(master_passphrase_hash + ptr * 2 + 0) = HEXADECA[(v >> 4) & 15]; *(master_passphrase_hash + ptr * 2 + 1) = HEXADECA[(v >> 0) & 15]; } @@ -505,16 +537,17 @@ int main(int argc, char** argv) sha3_initialise(keccak_bitrate, keccak_capacity, keccak_output); /* Add passphrase to Keccak sponge input. */ - sha3_update(passphrase, strlen(passphrase)); + sha3_update(passphrase_hash, (long)passphrase_n); /* Clear passphrase from memory. (Should be done as sone as possible.) */ - memset(passphrase, 0, strlen(passphrase)); + memset(passphrase, 0, passphrase_n * sizeof(char)); + free(passphrase_hash); free(passphrase); /* Add site to Keccak sponge input. */ free(digest); /* (Should be done after wiping passphrase.) */ free(master_passphrase_hash); /* (Should be done after wiping passphrase.) */ - digest = sha3_digest(site, strlen(site), keccak_squeezes == 1); + digest = sha3_digest(site, (long)site_n, keccak_squeezes == 1); /* Release resources. */ free(site); @@ -529,20 +562,20 @@ int main(int argc, char** argv) sha3_dispose(); /* Encode with base64 (no invalid character, shorter than hexadecimal.) */ - base64 = malloc((4 * ((((keccak_output + 7) / 8) + 2) / 3) + 2) * sizeof(char)); + base64 = malloc((4 * (((((size_t)keccak_output + 7) / 8) + 2) / 3) + 2) * sizeof(char)); if (base64 == NULL) { perror(*argv); free(digest); free(base64); } - for (ptr = ptr64 = 0; ptr < (keccak_output + 7) / 8; ptr64 += 4) + for (ptr = ptr64 = 0; ptr < (size_t)((keccak_output + 7) / 8); ptr64 += 4) { - uint32_t a = ptr < ((keccak_output + 7) / 8) ? digest[ptr++] : 0; - uint32_t b = ptr < ((keccak_output + 7) / 8) ? digest[ptr++] : 0; - uint32_t c = ptr < ((keccak_output + 7) / 8) ? digest[ptr++] : 0; + uint8_t a = (uint8_t)(ptr < (size_t)((keccak_output + 7) / 8) ? digest[ptr++] : 0); + uint8_t b = (uint8_t)(ptr < (size_t)((keccak_output + 7) / 8) ? digest[ptr++] : 0); + uint8_t c = (uint8_t)(ptr < (size_t)((keccak_output + 7) / 8) ? digest[ptr++] : 0); - uint32_t abc = (a << 16) | (b << 8) | (c << 0); + uint32_t abc = ((uint32_t)a << 16) | ((uint32_t)b << 8) | ((uint32_t)c << 0); base64[ptr64 | 0] = BASE64[(abc >> (3 * 6)) & 63]; base64[ptr64 | 1] = BASE64[(abc >> (2 * 6)) & 63]; |