Source code

Revision control

Copy as Markdown

Other Tools

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "util.h"
#include <fstream>
#include <iomanip>
#include <iostream>
#include <sstream>
#include <string>
#include <prerror.h>
#if defined(__unix__) || defined(__APPLE__)
#include <termios.h>
#include <unistd.h>
#elif defined(WIN32) || defined(_WIN64)
#include <Windows.h>
#endif
static std::string GetPassword(const std::string &prompt) {
std::cout << prompt << std::endl;
#if defined(__unix__) || defined(__APPLE__)
termios oldt;
tcgetattr(STDIN_FILENO, &oldt);
termios newt = oldt;
newt.c_lflag &= ~ECHO;
tcsetattr(STDIN_FILENO, TCSANOW, &newt);
#elif defined(WIN32) || defined(_WIN64)
HANDLE hStdin = GetStdHandle(STD_INPUT_HANDLE);
DWORD mode = 0;
GetConsoleMode(hStdin, &mode);
SetConsoleMode(hStdin, mode & (~ENABLE_ECHO_INPUT));
#endif
std::string pw;
std::getline(std::cin, pw);
#if defined(__unix__) || defined(__APPLE__)
tcsetattr(STDIN_FILENO, TCSANOW, &oldt);
#elif defined(WIN32) || defined(_WIN64)
SetConsoleMode(hStdin, mode);
#endif
return pw;
}
static char *GetModulePassword(PK11SlotInfo *slot, int retry, void *arg) {
if (arg == nullptr) {
return nullptr;
}
PwData *pwData = reinterpret_cast<PwData *>(arg);
if (retry > 0) {
std::cerr << "Incorrect password/PIN entered." << std::endl;
return nullptr;
}
switch (pwData->source) {
case PW_NONE:
case PW_FROMFILE:
std::cerr << "Password input method not supported." << std::endl;
return nullptr;
case PW_PLAINTEXT:
return PL_strdup(pwData->data);
default:
break;
}
std::cerr << "Password check failed: No password found." << std::endl;
return nullptr;
}
static std::vector<uint8_t> ReadFromIstream(std::istream &is) {
std::vector<uint8_t> data;
while (is) {
char buf[1024];
is.read(buf, sizeof(buf));
data.insert(data.end(), buf, buf + is.gcount());
}
return data;
}
static std::string GetNewPasswordFromUser(void) {
std::string pw;
while (true) {
pw = GetPassword("Enter new password: ");
if (pw == GetPassword("Re-enter password: ")) {
break;
}
std::cerr << "Passwords do not match. Try again." << std::endl;
}
return pw;
}
bool InitSlotPassword(void) {
ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
if (slot.get() == nullptr) {
std::cerr << "Error: Init PK11SlotInfo failed!" << std::endl;
return false;
}
std::cout << "Enter a password which will be used to encrypt your keys."
<< std::endl
<< std::endl;
std::string pw = GetNewPasswordFromUser();
SECStatus rv = PK11_InitPin(slot.get(), nullptr, pw.c_str());
if (rv != SECSuccess) {
std::cerr << "Init db password failed." << std::endl;
return false;
}
return true;
}
bool ChangeSlotPassword(void) {
ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
if (slot.get() == nullptr) {
std::cerr << "Error: Init PK11SlotInfo failed!" << std::endl;
return false;
}
// get old password and authenticate to db
PK11_SetPasswordFunc(&GetModulePassword);
std::string oldPw = GetPassword("Enter your current password: ");
PwData pwData = {PW_PLAINTEXT, const_cast<char *>(oldPw.c_str())};
SECStatus rv = PK11_Authenticate(slot.get(), false /*loadCerts*/, &pwData);
if (rv != SECSuccess) {
std::cerr << "Password incorrect." << std::endl;
return false;
}
// get new password
std::string newPw = GetNewPasswordFromUser();
if (PK11_ChangePW(slot.get(), oldPw.c_str(), newPw.c_str()) != SECSuccess) {
std::cerr << "Failed to change password." << std::endl;
return false;
}
std::cout << "Password changed successfully." << std::endl;
return true;
}
bool DBLoginIfNeeded(const ScopedPK11SlotInfo &slot) {
if (!PK11_NeedLogin(slot.get())) {
return true;
}
PK11_SetPasswordFunc(&GetModulePassword);
std::string pw = GetPassword("Enter your password: ");
PwData pwData = {PW_PLAINTEXT, const_cast<char *>(pw.c_str())};
SECStatus rv = PK11_Authenticate(slot.get(), true /*loadCerts*/, &pwData);
if (rv != SECSuccess) {
std::cerr << "Could not authenticate to token "
<< PK11_GetTokenName(slot.get()) << ". Failed with error "
<< PR_ErrorToName(PR_GetError()) << std::endl;
return false;
}
std::cout << std::endl;
return true;
}
std::string StringToHex(const ScopedSECItem &input) {
std::stringstream ss;
ss << "0x";
for (size_t i = 0; i < input->len; i++) {
ss << std::hex << std::setfill('0') << std::setw(2)
<< static_cast<int>(input->data[i]);
}
return ss.str();
}
std::vector<uint8_t> ReadInputData(std::string dataPath) {
std::vector<uint8_t> data;
if (dataPath.empty()) {
std::cout << "No input file path given, using stdin." << std::endl;
data = ReadFromIstream(std::cin);
} else {
std::ifstream is(dataPath, std::ifstream::binary);
if (is.good()) {
data = ReadFromIstream(is);
} else {
std::cerr << "IO Error when opening " << dataPath << std::endl;
std::cerr << "Input file does not exist or you don't have permissions."
<< std::endl;
}
}
return data;
}
std::istream &GetStreamFromFileOrStdin(std::string &path, std::ifstream &ifs) {
if (path.empty()) {
return std::cin;
}
ifs.open(path, std::ifstream::binary);
if (!ifs.good()) {
std::cerr << "IO Error when opening " << path << std::endl;
std::cerr << "Input file does not exist or you don't have permissions."
<< std::endl;
}
return ifs;
}