akulij/age-passgen
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: akulij:b6be7799b909ca47ed1ab20b444072972558c87a
Branches Tags
akulij:main
akulij:v1.1.0
akulij:v1.0.1
akulij:v1.0.0
akulij:v0.2.0
akulij:v0.1.1
akulij:v0.1.0
..
compare: akulij:b47de3e1b667ca73bc18d5f2c9503ee01dc0e960
Branches Tags
akulij:main
akulij:v1.1.0
akulij:v1.0.1
akulij:v1.0.0
akulij:v0.2.0
akulij:v0.1.1
akulij:v0.1.0

3 Commits
b6be7799b9 ... b47de3e1b6

Author SHA1 Message Date
akulij
b47de3e1b6 implement hex/raw input 2025-03-03 00:18:43 +00:00
akulij
9cde36c5c2 rename 'sum' variable that contains hashed password to more appropriate name 'secretKey' 2025-03-03 00:18:43 +00:00
akulij
181ac703ae add --input-type flag 2025-03-03 00:18:37 +00:00
1 changed files with 105 additions and 10 deletions
Show Stats Expand all files Collapse all files

109
cmd/age-passgen/main.go
View File

@ -1,6 +1,7 @@
package main
import (
"encoding/hex"
"errors"
"flag"
"fmt"
@ -10,6 +11,7 @@ import (
"os/signal"
"slices"
"strconv"
"strings"
"syscall"
"time"
"unsafe"
@ -33,6 +35,7 @@ Options:
-o, --output OUTPUT Write the result to the file at path OUTPUT.
--raw-output Print stripped keys (without additional text or comments)
--entropy-level VALUE Manages required strenght of password (more info down below)
--input-type TYPE Type of input from stdin. Can be 'password' (default), 'hash', 'raw'
Mostly similar to age-keygen
Required password strenght can be changes via --entropy-level flag. Possible values
@ -46,10 +49,19 @@ Each word or number is mapped following this list:
- stupid - no limit
`
type InputType int
const (
InputPassword InputType = iota
InputHash
InputRaw
)
type Flags struct {
RawOutput bool
OutputFile string
EntropyLevel int
InputType InputType
}
func main() {
@ -59,18 +71,27 @@ func main() {
errorf("error while parsing arguments: %s\n", err)
}
passbytes, err := getPasswordBytes()
var secretKey [curve25519.ScalarSize]byte
if flags.InputType == InputPassword {
secretKey, err = getInputPassword(flags.EntropyLevel)
if err != nil {
errorf("Failed to get password, error: %s\n", err)
}
valid := isEntropyValid(passbytes, flags.EntropyLevel)
if !valid {
errorf("You should choose stroger password!!! (or change entropy level, read more with --help)\n")
} else if flags.InputType == InputHash {
secretKey, err = getInputHash()
if err != nil {
errorf("Failed to read hash, error: %s\n", err)
}
} else if flags.InputType == InputRaw {
secretKey, err = getInputRaw()
if err != nil {
errorf("Failed to read raw data, error: %s\n", err)
}
} else {
errorf("No such input type implemented!!!")
}
sum := sha256.Sum256(passbytes)
k, err := newX25519IdentityFromScalar(sum[:])
k, err := newX25519IdentityFromScalar(secretKey[:])
if err != nil {
errorf("internal error: %v", err)
}
@ -100,6 +121,57 @@ func main() {
}
}
func getInputPassword(entropyLevel int) ([curve25519.ScalarSize]byte, error) {
passbytes, err := getPasswordBytes()
if err != nil {
return [curve25519.ScalarSize]byte{}, err
}
valid := isEntropyValid(passbytes, entropyLevel)
if !valid {
return [curve25519.ScalarSize]byte{}, errors.New("You should choose stroger password!!! (or change entropy level, read more with --help)\n")
}
return sha256.Sum256(passbytes), nil
}
func getInputHash() ([curve25519.ScalarSize]byte, error) {
hashStringBytes, err := getPasswordBytes()
if err != nil {
return [curve25519.ScalarSize]byte{}, err
}
hashString := strings.TrimSpace(string(hashStringBytes))
passbytes, err := hex.DecodeString(hashString)
if err != nil {
fmt.Printf("HEXSTR:%s|\n", hashString)
return [curve25519.ScalarSize]byte{}, errors.New(fmt.Sprintf("Unable to decode hash, error: %s\n", err))
}
if len(passbytes) != curve25519.ScalarSize {
return [curve25519.ScalarSize]byte{}, errors.New(fmt.Sprintf("Wrong input lenght of sha256 hash! (may be it is not a hash at all) Expected %d bytes, got: %d\n", curve25519.ScalarSize, len(passbytes)))
}
// making `possibly` stack allocated out of the one in heap
var key [curve25519.ScalarSize]byte
copy(key[:], passbytes)
return key, nil
}
func getInputRaw() ([curve25519.ScalarSize]byte, error) {
passbytes, err := getPasswordBytes()
if err != nil {
return [curve25519.ScalarSize]byte{}, err
}
if len(passbytes) != curve25519.ScalarSize {
return [curve25519.ScalarSize]byte{}, errors.New(fmt.Sprintf("Wrong amount of entered data! Expected %d bytes, got: %d\n", curve25519.ScalarSize, len(passbytes)))
}
// making `possibly` stack allocated out of the one in heap
var key [curve25519.ScalarSize]byte
copy(key[:], passbytes)
return key, nil
}
func setSystemSignalHandlers() {
go handleSigpipe()
}
@ -123,12 +195,14 @@ func parseFlags() (*Flags, error) {
rawOutput bool
outputFile string
entropyLevel string
inputType string
)
flag.BoolVar(&rawOutput, "raw-output", false, "Print stripped keys (without additional text or comments)")
flag.StringVar(&outputFile, "o", "", "Write the result to the file at path OUTPUT")
flag.StringVar(&outputFile, "output", "", "Write the result to the file at path OUTPUT")
flag.StringVar(&entropyLevel, "entropy-level", "medium", "Manages required strenght of password. Read more in --help")
flag.StringVar(&inputType, "input-type", "password", "Type of input from stdin. Can be 'password' (default), 'hash', 'raw'")
flag.Parse()
eLevel, err := parseEntropyLevel(entropyLevel)
@ -136,13 +210,34 @@ func parseFlags() (*Flags, error) {
return nil, err
}
iType, err := parseInputType(inputType)
if err != nil {
return nil, err
}
return &Flags{
RawOutput: rawOutput,
OutputFile: outputFile,
EntropyLevel: eLevel,
InputType: iType,
}, nil
}
func parseInputType(inputType string) (InputType, error) {
m := map[string]InputType{
"password": InputPassword,
"hash": InputHash,
"raw": InputRaw,
}
iType, ok := m[inputType]
if !ok {
return InputPassword, errors.New("wrong input type")
}
return iType, nil
}
func parseEntropyLevel(entropyLevel string) (int, error) {
if i, err := strconv.Atoi(entropyLevel); err == nil {
if i == 0 {