implement hex/raw input

in previous method if press ctrl-c during password enter terminal echo
kept off. It was possible to fix it to set `stty echo` in sigint
handler, but this solution is more elegant

README.md

@@ -1,6 +1,5 @@
 # Generate age keys from passphrase
 
-## Description
 This utility (age-passgen) generates secret and public keys (into stdout) from your entered passphrase or piped stdin
 Strong password highly recomended
 
@@ -10,5 +9,6 @@ Exact amount of required characters can be calculated by formula: $\lceil 256 /
 
 
 ## TODO
-[X] piped/terminal output as raw/verbose
+- [X] piped/terminal output as raw/verbose
-[ ] handle broken pipe signal since program will so much depend on pipes
+- [X] handle broken pipe signal since program will so much depend on pipes
+- [ ] option to read hex number that will be used instead of hash of password (usefull if user already has sha 256 hash of smth or want to use something else as input instead)

cmd/age-passgen/main.go

@@ -1,14 +1,18 @@
 package main
 
 import (
+	"encoding/hex"
 	"errors"
 	"flag"
 	"fmt"
 	"io"
 	"log"
 	"os"
+	"os/signal"
 	"slices"
 	"strconv"
+	"strings"
+	"syscall"
 	"time"
 	"unsafe"
 
@@ -31,6 +35,7 @@ Options:
     -o, --output OUTPUT       Write the result to the file at path OUTPUT.
     --raw-output              Print stripped keys (without additional text or comments)
     --entropy-level VALUE     Manages required strenght of password (more info down below)
+    --input-type TYPE         Type of input from stdin. Can be 'password' (default), 'hash', 'raw'
 
 Mostly similar to age-keygen
 Required password strenght can be changes via --entropy-level flag. Possible values
@@ -44,39 +49,49 @@ Each word or number is mapped following this list:
 - stupid         - no limit
 `
 
+type InputType int
+
+const (
+	InputPassword InputType = iota
+	InputHash
+	InputRaw
+)
+
+type Flags struct {
+	RawOutput    bool
+	OutputFile   string
+	EntropyLevel int
+	InputType    InputType
+}
+
 func main() {
-	log.SetFlags(0)
+	setSystemSignalHandlers()
-	flag.Usage = func() { fmt.Fprintf(os.Stderr, "%s", usage) }
+	flags, err := parseFlags()
-
-	var (
-		rawOutput    bool
-		outputFile   string
-		entropyLevel string
-	)
-
-	flag.BoolVar(&rawOutput, "raw-output", false, "Print stripped keys (without additional text or comments)")
-	flag.StringVar(&outputFile, "o", "", "Write the result to the file at path OUTPUT")
-	flag.StringVar(&outputFile, "output", "", "Write the result to the file at path OUTPUT")
-	flag.StringVar(&entropyLevel, "entropy-level", "medium", "Manages required strenght of password. Read more in --help")
-	flag.Parse()
-
-	eLevel, err := parseEntropyLevel(entropyLevel)
 	if err != nil {
-		errorf("error while parsing --entropy-level argument: %s\n", err)
+		errorf("error while parsing arguments: %s\n", err)
 	}
 
-	passbytes, err := getPasswordBytes()
+	var secretKey [curve25519.ScalarSize]byte
+	if flags.InputType == InputPassword {
+		secretKey, err = getInputPassword(flags.EntropyLevel)
 		if err != nil {
 			errorf("Failed to get password, error: %s\n", err)
 		}
-	valid := isEntropyValid(passbytes, eLevel)
+	} else if flags.InputType == InputHash {
-	if !valid {
+		secretKey, err = getInputHash()
-		errorf("You should choose stroger password!!! (or change entropy level, read more with --help)\n")
+		if err != nil {
+			errorf("Failed to read hash, error: %s\n", err)
+		}
+	} else if flags.InputType == InputRaw {
+		secretKey, err = getInputRaw()
+		if err != nil {
+			errorf("Failed to read raw data, error: %s\n", err)
+		}
+	} else {
+		errorf("No such input type implemented!!!")
 	}
 
-	sum := sha256.Sum256(passbytes)
+	k, err := newX25519IdentityFromScalar(secretKey[:])
-
-	k, err := newX25519IdentityFromScalar(sum[:])
 	if err != nil {
 		errorf("internal error: %v", err)
 	}
@@ -84,8 +99,8 @@ func main() {
 	// if user is not seeing private keyfile, which also contains public key,
 	// also duplicate public key it to stderr,
 	// but if user sees public key via stdout, no need for duplication
-	if outputFile != "" {
+	if flags.OutputFile != "" {
-		if !rawOutput {
+		if !flags.RawOutput {
 			fmt.Printf("Public key: %s\n", k.Recipient())
 		} else {
 			fmt.Printf("%s", k.Recipient())
@@ -93,19 +108,136 @@ func main() {
 	}
 
 	output := os.Stdout
-	if outputFile != "" {
+	if flags.OutputFile != "" {
-		output, err = os.Create(outputFile)
+		output, err = os.Create(flags.OutputFile)
 		if err != nil {
 			errorf("failed to create output file, error: %s", err)
 		}
 	}
 
-	err = writeSecretKey(output, k, !rawOutput)
+	err = writeSecretKey(output, k, !flags.RawOutput)
 	if err != nil {
 		fmt.Printf("Failed to write secret key to file, error: %s\n", err)
 	}
 }
 
+func getInputPassword(entropyLevel int) ([curve25519.ScalarSize]byte, error) {
+	passbytes, err := getPasswordBytes()
+	if err != nil {
+		return [curve25519.ScalarSize]byte{}, err
+	}
+	valid := isEntropyValid(passbytes, entropyLevel)
+	if !valid {
+		return [curve25519.ScalarSize]byte{}, errors.New("You should choose stroger password!!! (or change entropy level, read more with --help)\n")
+	}
+
+	return sha256.Sum256(passbytes), nil
+}
+
+func getInputHash() ([curve25519.ScalarSize]byte, error) {
+	hashStringBytes, err := getPasswordBytes()
+	if err != nil {
+		return [curve25519.ScalarSize]byte{}, err
+	}
+	hashString := strings.TrimSpace(string(hashStringBytes))
+	passbytes, err := hex.DecodeString(hashString)
+	if err != nil {
+		fmt.Printf("HEXSTR:%s|\n", hashString)
+		return [curve25519.ScalarSize]byte{}, errors.New(fmt.Sprintf("Unable to decode hash, error: %s\n", err))
+	}
+	if len(passbytes) != curve25519.ScalarSize {
+		return [curve25519.ScalarSize]byte{}, errors.New(fmt.Sprintf("Wrong input lenght of sha256 hash! (may be it is not a hash at all) Expected %d bytes, got: %d\n", curve25519.ScalarSize, len(passbytes)))
+	}
+
+	// making `possibly` stack allocated out of the one in heap
+	var key [curve25519.ScalarSize]byte
+	copy(key[:], passbytes)
+
+	return key, nil
+}
+
+func getInputRaw() ([curve25519.ScalarSize]byte, error) {
+	passbytes, err := getPasswordBytes()
+	if err != nil {
+		return [curve25519.ScalarSize]byte{}, err
+	}
+	if len(passbytes) != curve25519.ScalarSize {
+		return [curve25519.ScalarSize]byte{}, errors.New(fmt.Sprintf("Wrong amount of entered data! Expected %d bytes, got: %d\n", curve25519.ScalarSize, len(passbytes)))
+	}
+
+	// making `possibly` stack allocated out of the one in heap
+	var key [curve25519.ScalarSize]byte
+	copy(key[:], passbytes)
+
+	return key, nil
+}
+
+func setSystemSignalHandlers() {
+	go handleSigpipe()
+}
+
+func handleSigpipe() {
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, os.Interrupt, syscall.SIGPIPE)
+
+	<-c
+
+	errorf("Recieved SIGPIPE. Check if your programs that give input or recieve input do not stops before this one")
+
+	os.Exit(1)
+}
+
+func parseFlags() (*Flags, error) {
+	log.SetFlags(0)
+	flag.Usage = func() { fmt.Fprintf(os.Stderr, "%s", usage) }
+
+	var (
+		rawOutput    bool
+		outputFile   string
+		entropyLevel string
+		inputType    string
+	)
+
+	flag.BoolVar(&rawOutput, "raw-output", false, "Print stripped keys (without additional text or comments)")
+	flag.StringVar(&outputFile, "o", "", "Write the result to the file at path OUTPUT")
+	flag.StringVar(&outputFile, "output", "", "Write the result to the file at path OUTPUT")
+	flag.StringVar(&entropyLevel, "entropy-level", "medium", "Manages required strenght of password. Read more in --help")
+	flag.StringVar(&inputType, "input-type", "password", "Type of input from stdin. Can be 'password' (default), 'hash', 'raw'")
+	flag.Parse()
+
+	eLevel, err := parseEntropyLevel(entropyLevel)
+	if err != nil {
+		return nil, err
+	}
+
+	iType, err := parseInputType(inputType)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Flags{
+		RawOutput:    rawOutput,
+		OutputFile:   outputFile,
+		EntropyLevel: eLevel,
+		InputType:    iType,
+	}, nil
+}
+
+func parseInputType(inputType string) (InputType, error) {
+	m := map[string]InputType{
+		"password": InputPassword,
+		"hash":     InputHash,
+		"raw":      InputRaw,
+	}
+
+	iType, ok := m[inputType]
+	if !ok {
+		return InputPassword, errors.New("wrong input type")
+	}
+
+	return iType, nil
+}
+
 func parseEntropyLevel(entropyLevel string) (int, error) {
 	if i, err := strconv.Atoi(entropyLevel); err == nil {
 		if i == 0 {
@@ -134,10 +266,17 @@ func isEntropyValid(passbytes []byte, entropyLevel int) bool {
 
 func getPasswordBytes() ([]byte, error) {
 	if term.IsTerminal(int(os.Stdin.Fd())) {
-		fmt.Fprintf(os.Stderr, "Enter password: ")
+		oldState, err := term.MakeRaw(0)
-		passbytes, err := term.ReadPassword(int(os.Stdin.Fd()))
+		defer term.Restore(0, oldState)
-		fmt.Println()
+
-		return passbytes, err
+		screen := struct {
+			io.Reader
+			io.Writer
+		}{os.Stdin, os.Stdout}
+		t := term.NewTerminal(screen, "")
+		pass, err := t.ReadPassword("Enter pass: ")
+
+		return []byte(pass), err
 	} else {
 		return io.ReadAll(os.Stdin)
 	}

flake.nix

@@ -8,6 +8,20 @@
                 let pkgs = nixpkgs.legacyPackages.${system}; in
                 {
                     devShells.default = import ./shell.nix { inherit pkgs; };
+
+                    packages.default = pkgs.buildGoModule {
+                        pname = "age-passgen";
+                        version = "unversioned";
+
+                        src = ./.;
+
+                        vendorHash = "sha256-Y6R8c9PzRq0tJ0b06f0LuFfrdFvxQ7h/86a6gg6UOro=";
+                    };
+
+                    apps.default = {
+                        type = "app";
+                        program = "${self.packages.${system}.default}/bin/age-passgen";
+                    };
                 }
             );
 }