CryptoPassphrase  Check-in [007bd9985e]

Overview
Comment:Allow swappable memory

Most OSes and/or ulimits do not allow allocating such large amounts of
unswappable memory.

SHA3-256: 007bd9985ecb5164a06dddc9aab2d18dbc34cc5bd7914abdea0ff1cd84dfdf51
User & Date: js on 2021-03-21 11:03:01
Context
2021-04-28
21:51
Adjust to ObjFW changes check-in: aec6746a96 user: js tags: trunk
2021-03-21
11:03
Allow swappable memory check-in: 007bd9985e user: js tags: trunk
2021-03-14
00:39
iOS: Restore the correct bundle identifier check-in: 65177d5465 user: js tags: trunk
Changes

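--- a/CryptoPassphrase.m
+++ b/CryptoPassphrase.m
@@ -151,15 +151,15 @@
 	if (keyFilePath != nil)
 		keyFile = [OFMutableData dataWithContentsOfFile: keyFilePath];
 
 	passphraseCString = getpass(promptCString);
 	passphraseLength = strlen(passphraseCString);
 	@try {
 		passphrase = [OFSecureData dataWithCount: passphraseLength + 1
-				   allowsSwappableMemory: false];
+				   allowsSwappableMemory: true];
 		memcpy(passphrase.mutableItems, passphraseCString,
 		    passphraseLength + 1);
 	} @finally {
 		of_explicit_memset(passphraseCString, '\0', passphraseLength);
 	}
 
 	if (_repeat) {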
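Review bot: The buffer switched to `allowsSwappableMemory: true` here holds the typed passphrase and is only `passphraseLength + 1` bytes, so it is not one of the large allocations the commit message describes, and it can now be paged out to swap in cleartext. The same applies to `_output` and `combinedPassphrase` in LegacyPasswordGenerator.m and NewPasswordGenerator.m (both small unless the key file is large); presumably only the `.allowsSwappableMemory` field passed to `of_scrypt` governs the large working memory. Consider keeping `allowsSwappableMemory: false` for these small secret buffers, or at least adding a comment where the flag is set, such as `/* may be paged out; relies on encrypted swap */`. Separately, `getpass()` can return NULL and the result is passed to `strlen` unchecked. The enclosing method starts and ends outside the hunk.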

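--- a/LegacyPasswordGenerator.m
+++ b/LegacyPasswordGenerator.m
@@ -64,46 +64,46 @@
 
 	[siteHash updateWithBuffer: _site.UTF8String
 			    length: _site.UTF8StringLength];
 
 	[_output release];
 	_output = nil;
 	_output = [[OFSecureData alloc] initWithCount: _length + 1
-				allowsSwappableMemory: false];
+				allowsSwappableMemory: true];
 
 	passphraseLength = combinedPassphraseLength = _passphrase.count - 1;
 	if (_keyFile != nil) {
 		if (SIZE_MAX - combinedPassphraseLength < _keyFile.count)
 			@throw [OFOutOfRangeException exception];
 
 		combinedPassphraseLength += _keyFile.count;
 	}
 
 	combinedPassphrase = [OFSecureData
 		    dataWithCount: combinedPassphraseLength
-	    allowsSwappableMemory: false];
+	    allowsSwappableMemory: true];
 	combinedPassphraseItems = combinedPassphrase.mutableItems;
 	memcpy(combinedPassphraseItems, _passphrase.items, passphraseLength);
 
 	if (_keyFile != nil)
 		memcpy(combinedPassphraseItems + passphraseLength,
 		    _keyFile.items, _keyFile.count);
 
 	outputItems = _output.mutableItems;
 	of_scrypt((of_scrypt_parameters_t){
 		.blockSize             = 8,
 		.costFactor            = 524288,
 		.parallelization       = 2,
 		.salt                  = siteHash.digest,
 		.saltLength            = [siteHash.class digestSize],
 		.password              = combinedPassphraseItems,
 		.passwordLength        = combinedPassphraseLength,
 		.key                   = outputItems,
 		.keyLength             = _length,
-		.allowsSwappableMemory = false
+		.allowsSwappableMemory = true
 	});
 
 	/*
 	 * This has a bias, however, this is what scrypt-genpass does and the
 	 * legacy mode wants to be compatible to scrypt-genpass.
 	 */
 	outputItems[0] = "abcdefghijklmnopqrstuvwxyz"[outputItems[0] % 26];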
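Review bot: The `of_scrypt` parameter block gives no hint why `.allowsSwappableMemory = true` is required, which makes it easy for a later change to flip it back without noticing the allocation failure it causes. Assuming of_scrypt follows the standard scrypt memory layout, `blockSize = 8` with `costFactor = 524288` needs about 128 * 8 * 524288 bytes = 512 MiB of working memory, well above typical locked-memory limits. A comment above the call such as `/* ~512 MiB work area (128 * blockSize * costFactor); too large to lock on most systems */` would record that, and the identical call in NewPasswordGenerator.m needs the same comment. The method body starts and ends outside the hunk.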

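--- a/NewPasswordGenerator.m
+++ b/NewPasswordGenerator.m
@@ -51,49 +51,49 @@
 
 	[siteHash updateWithBuffer: _site.UTF8String
 			    length: _site.UTF8StringLength];
 
 	[_output release];
 	_output = nil;
 	_output = [[OFSecureData alloc] initWithCount: _length + 1
-				allowsSwappableMemory: false];
+				allowsSwappableMemory: true];
 
 	passphraseLength = combinedPassphraseLength = _passphrase.count - 1;
 	if (_keyFile != nil) {
 		if (SIZE_MAX - combinedPassphraseLength < _keyFile.count)
 			@throw [OFOutOfRangeException exception];
 
 		combinedPassphraseLength += _keyFile.count;
 	}
 
 	combinedPassphrase = [OFSecureData
 		    dataWithCount: combinedPassphraseLength
-	    allowsSwappableMemory: false];
+	    allowsSwappableMemory: true];
 	combinedPassphraseItems = combinedPassphrase.mutableItems;
 	memcpy(combinedPassphraseItems, _passphrase.items, passphraseLength);
 
 	if (_keyFile != nil)
 		memcpy(combinedPassphraseItems + passphraseLength,
 		    _keyFile.items, _keyFile.count);
 
 	outputItems = _output.mutableItems;
 	of_scrypt((of_scrypt_parameters_t){
 		.blockSize             = 8,
 		.costFactor            = 524288,
 		.parallelization       = 2,
 		.salt                  = siteHash.digest,
 		.saltLength            = [siteHash.class digestSize],
 		.password              = combinedPassphraseItems,
 		.passwordLength        = combinedPassphraseLength,
 		.key                   = outputItems,
 		.keyLength             = _length,
-		.allowsSwappableMemory = false
+		.allowsSwappableMemory = true
 	});
 
 	for (size_t i = 0; i < _length; i++)
 		outputItems[i] =
 		    "123456789"
 		    "abcdefghijkmnopqrstuvwxyz"
 		    "ABCDEFGHJKLMNPQRSTUVWXYZ"
 		    "#$%-=?"[outputItems[i] & 0x3F];
 }
 @end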
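Review bot: The mapping loop at the end of the method is only in range and free of modulo bias because the concatenated alphabet literal has exactly 64 characters (9 + 25 + 24 + 6), and nothing in the code states that. A one-line comment before the loop, e.g. `/* alphabet has exactly 64 entries, so & 0x3F indexes it uniformly */`, would keep a later edit to the alphabet from silently selecting the terminating NUL or reading past the literal. The start of the method is outside the hunk.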