phantom/mkp224o
1
0
Fork 0
mirror of https://github.com/cathugger/mkp224o.git synced 2025-01-09 11:07:19 -03:00
Code Issues Projects Releases Packages Wiki Activity Actions

near passkeys skip/warn modes & help tweak

Browse source
This commit is contained in:
cathugger 2023-09-06 01:00:04 +03:00
parent 42e4d3a5fc
commit 80e1bd0b47
No known key found for this signature in database
GPG key ID: 9BADDA2DAF6F01A8
5 changed files with 72 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

73
main.c
View file

@ -96,43 +96,49 @@ static void printhelp(FILE *out,const char *progname)
" %s -f FILTERFILE [OPTION]\n" " %s -f FILTERFILE [OPTION]\n"
"Options:\n" "Options:\n"
" -f FILTERFILE specify filter file which contains filters separated\n" " -f FILTERFILE specify filter file which contains filters separated\n"
" by newlines\n" " by newlines.\n"
" -D deduplicate filters\n" " -D deduplicate filters.\n"
" -q do not print diagnostic output to stderr\n" " -q do not print diagnostic output to stderr.\n"
" -x do not print onion names\n" " -x do not print onion names.\n"
" -v print more diagnostic data\n" " -v print more diagnostic data.\n"
" -o FILENAME output onion names to specified file (append)\n" " -o FILENAME output onion names to specified file (append).\n"
" -O FILENAME output onion names to specified file (overwrite)\n" " -O FILENAME output onion names to specified file (overwrite).\n"
" -F include directory names in onion names output\n" " -F include directory names in onion names output.\n"
" -d DIRNAME output directory\n" " -d DIRNAME output directory.\n"
" -t NUMTHREADS specify number of threads to utilise\n" " -t NUMTHREADS specify number of threads to utilise\n"
" (default - try detecting CPU core count)\n" " (default - try detecting CPU core count).\n"
" -j NUMTHREADS same as -t\n" " -j NUMTHREADS same as -t.\n"
" -n NUMKEYS specify number of keys (default - 0 - unlimited)\n" " -n NUMKEYS specify number of keys (default - 0 - unlimited).\n"
" -N NUMWORDS specify number of words per key (default - 1)\n" " -N NUMWORDS specify number of words per key (default - 1).\n"
" -Z deprecated, does nothing\n" " -Z deprecated, does nothing.\n"
" -z deprecated, does nothing\n" " -z deprecated, does nothing.\n"
" -B use batching key generation method (current default)\n" " -B use batching key generation method (current default).\n"
" -s print statistics each 10 seconds\n" " -s print statistics each 10 seconds.\n"
" -S SECONDS print statistics every specified amount of seconds\n" " -S SECONDS print statistics every specified amount of seconds.\n"
" -T do not reset statistics counters when printing\n" " -T do not reset statistics counters when printing.\n"
" -y output generated keys in YAML format instead of\n" " -y output generated keys in YAML format instead of\n"
" dumping them to filesystem\n" " dumping them to filesystem.\n"
" -Y [FILENAME [host.onion]]\n" " -Y [FILENAME [host.onion]]\n"
" parse YAML encoded input and extract key(s) to\n" " parse YAML encoded input and extract key(s) to\n"
" filesystem\n" " filesystem.\n"
#ifdef PASSPHRASE #ifdef PASSPHRASE
" -p PASSPHRASE use passphrase to initialize the random seed with\n" " -p PASSPHRASE use passphrase to initialize the random seed with.\n"
" -P same as -p, but takes passphrase from PASSPHRASE\n" " -P same as -p, but takes passphrase from PASSPHRASE\n"
" environment variable\n" " environment variable.\n"
" --checkpoint filename\n" " --checkpoint filename\n"
" load/save checkpoint of progress to specified file\n" " load/save checkpoint of progress to specified file\n"
" (requires passphrase)\n" " (requires passphrase).\n"
" --skipnear skip near passphrase keys; you probably want this\n"
" because of improved safety unless you're trying to\n"
" regenerate an old key; possible future default.\n"
" --warnnear print warning about passphrase key being near another\n"
" (safety hazard); prefer --skipnear to this unless\n"
" you're regenerating an old key.\n"
#endif #endif
" --rawyaml raw (unprefixed) public/secret keys for -y/-Y\n" " --rawyaml raw (unprefixed) public/secret keys for -y/-Y\n"
" (may be useful for tor controller API)\n" " (may be useful for tor controller API).\n"
" -h, --help, --usage print help to stdout and quit\n" " -h, --help, --usage print help to stdout and quit.\n"
" -V, --version print version information to stdout and exit\n" " -V, --version print version information to stdout and exit.\n"
,progname,progname); ,progname,progname);
fflush(out); fflush(out);
} }
@ -332,6 +338,10 @@ int main(int argc,char **argv)
else else
e_additional(); e_additional();
} }
else if (!strcmp(arg,"skipnear"))
pw_skipnear = 1;
else if (!strcmp(arg,"warnnear"))
pw_warnnear = 1;
#endif // PASSPHRASE #endif // PASSPHRASE
else { else {
fprintf(stderr,"unrecognised argument: --%s\n",arg); fprintf(stderr,"unrecognised argument: --%s\n",arg);
@ -597,8 +607,13 @@ int main(int argc,char **argv)
#ifdef PASSPHRASE #ifdef PASSPHRASE
if (deterministic) { if (deterministic) {
if (!quietflag && numneedgenerate != 1) if (!quietflag && numneedgenerate != 1 && !pw_skipnear && !pw_warnnear)
fprintf(stderr,"CAUTION: avoid using keys generated with same password for unrelated services, as single leaked key may help attacker to regenerate related keys.\n"); fprintf(stderr,
// 0 1 2 3 4 5 6 7
// 01234567890123456789012345678901234567890123456789012345678901234567890123456789
"CAUTION: avoid using keys generated with the same password for unrelated\n"
" services, as single leaked key may help an attacker to regenerate\n"
" related keys; to silence this warning, pass --skipnear or --warnnear.\n");
if (checkpointfile) { if (checkpointfile) {
memcpy(orig_determseed,determseed,sizeof(determseed)); memcpy(orig_determseed,determseed,sizeof(determseed));
// Read current checkpoint position if file exists // Read current checkpoint position if file exists

11
worker.c
View file

@ -58,6 +58,8 @@ size_t workdirlen = 0;
pthread_mutex_t determseed_mutex; pthread_mutex_t determseed_mutex;
u8 determseed[SEED_LEN]; u8 determseed[SEED_LEN];
int pw_skipnear = 0;
int pw_warnnear = 0;
#endif #endif
@ -71,7 +73,7 @@ char *makesname(void)
return sname; return sname;
} }
static void onionready(char *sname,const u8 *secret,const u8 *pubonion) static void onionready(char *sname,const u8 *secret,const u8 *pubonion,int warnnear)
{ {
if (endwork) if (endwork)
return; return;
@ -122,6 +124,13 @@ static void onionready(char *sname,const u8 *secret,const u8 *pubonion)
} }
if (fout) { if (fout) {
pthread_mutex_lock(&fout_mutex); pthread_mutex_lock(&fout_mutex);
#ifdef PASSPHRASE
const char * const pwarn = " warn:near\n";
if (warnnear)
strcpy(&sname[onionendpos],pwarn);
const size_t oprintlen = printlen;
const size_t printlen = oprintlen + (warnnear ? strlen(pwarn)-1 : 0);
#endif
fwrite(&sname[printstartpos],printlen,1,fout); fwrite(&sname[printstartpos],printlen,1,fout);
fflush(fout); fflush(fout);
pthread_mutex_unlock(&fout_mutex); pthread_mutex_unlock(&fout_mutex);

2
worker.h
View file

@ -33,6 +33,8 @@ VEC_STRUCT(statsvec,struct statstruct);
#ifdef PASSPHRASE #ifdef PASSPHRASE
extern pthread_mutex_t determseed_mutex; extern pthread_mutex_t determseed_mutex;
extern u8 determseed[SEED_LEN]; extern u8 determseed[SEED_LEN];
extern int pw_skipnear;
extern int pw_warnnear;
#endif #endif
extern void worker_init(void); extern void worker_init(void);

2
worker_batch.inc.h
View file

@ -102,7 +102,7 @@ initseed:
pk[PUBLIC_LEN + 2] = 0x03; pk[PUBLIC_LEN + 2] = 0x03;
// full name // full name
strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion");
onionready(sname,secret,pubonion.raw); onionready(sname,secret,pubonion.raw,0);
pk[PUBLIC_LEN] = 0; // what is this for? pk[PUBLIC_LEN] = 0; // what is this for?
// don't reuse same seed // don't reuse same seed
goto initseed; goto initseed;

18
worker_batch_pass.inc.h
View file

@ -38,17 +38,21 @@ void *CRYPTO_NAMESPACE(worker_batch_pass)(void *task)
sname = makesname(); sname = makesname();
int seednear;
initseed: initseed:
#ifdef STATISTICS #ifdef STATISTICS
++st->numrestart.v; ++st->numrestart.v;
#endif #endif
seednear = 0;
pthread_mutex_lock(&determseed_mutex); pthread_mutex_lock(&determseed_mutex);
for (int i = 0; i < SEED_LEN; i++) for (int i = 0; i < SEED_LEN; i++)
if (++determseed[i]) if (++determseed[i])
break; break;
memcpy(seed, determseed, SEED_LEN); memcpy(seed,determseed,SEED_LEN);
pthread_mutex_unlock(&determseed_mutex); pthread_mutex_unlock(&determseed_mutex);
ed25519_seckey_expand(sk,seed); ed25519_seckey_expand(sk,seed);
@ -112,8 +116,12 @@ initseed:
pk[PUBLIC_LEN + 2] = 0x03; pk[PUBLIC_LEN + 2] = 0x03;
// full name // full name
strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion");
onionready(sname,secret,pubonion.raw); onionready(sname,secret,pubonion.raw,seednear && pw_warnnear);
pk[PUBLIC_LEN] = 0; // what is this for? pk[PUBLIC_LEN] = 0; // what is this for?
if (pw_skipnear)
goto initseed;
seednear = 1;
}); });
next: next:
; ;
@ -180,8 +188,12 @@ initseed:
pk[PUBLIC_LEN + 2] = 0x03; pk[PUBLIC_LEN + 2] = 0x03;
// full name // full name
strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion"); strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion");
onionready(sname,secret,pubonion.raw); onionready(sname,secret,pubonion.raw,seednear && pw_warnnear);
pk[PUBLIC_LEN] = 0; // what is this for? pk[PUBLIC_LEN] = 0; // what is this for?
if (pw_skipnear)
goto initseed;
seednear = 1;
}); });
next2: next2:
; ;