mirror/0bin
1
0
Fork 0
mirror of https://github.com/Tygs/0bin.git synced 2023-08-10 21:13:00 +03:00
Code Issues Projects Releases Wiki Activity

Merge pull request #41 from mk-fg/zerobinpaste_updates

Browse Source 
Zerobinpaste updates: seed prng from /dev/(u)random, shorter keys
This commit is contained in:
sametmax
2013-05-04 05:01:00 -07:00
parent 759bb82d93 118b0ce47d
commit 04099c631a
1 changed files with 34 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
tools/zerobinpaste.coffee
View File

@@ -5,7 +5,12 @@ program
.option('-u, --url [url]', 'URL of a 0bin site.') .option('-u, --url [url]', 'URL of a 0bin site.')
.option('-e, --expire [period]', .option('-e, --expire [period]',
'Expiration period - one of: 1_view, 1_day (default), 1_month, never.', '1_day') 'Expiration period - one of: 1_view, 1_day (default), 1_month, never.', '1_day')
.option('-c, --config [path]', 'Path to zerobin configuration file (default: ~/.zerobinpasterc).\n'\ .option('-k, --entropy [bits]',
'Encryption key entropy (and hence length) to use,'\
+ ' in bits, rounded up to multiple of 6 (default: 48).\n'\
+ ' That key will be processed by 1000 pbkdf2-sha256 iterations, not used as-is.', 48)
.option('-c, --config [path]',
'Path to zerobin configuration file (default: ~/.zerobinpasterc).\n'\
+ ' Should be json-file with the same keys as can be specified on the command line.\n'\ + ' Should be json-file with the same keys as can be specified on the command line.\n'\
+ ' Example contents: {"url": "http://some-0bin.com"}', '~/.zerobinpasterc') + ' Example contents: {"url": "http://some-0bin.com"}', '~/.zerobinpasterc')
.parse(process.argv); .parse(process.argv);
@@ -40,6 +45,17 @@ if program.expire not in expire_opts
+ ' must be one of: ' + expire_opts.join(', ') + "." ) + ' must be one of: ' + expire_opts.join(', ') + "." )
process.exit(1) process.exit(1)
program.entropy = parseInt(program.entropy)
# Generated key will use base64 (6b per char) charset
# Key is not decoded for pbkdf2, so it's generated via base64 here just for convenience
generate_key = (entropy) ->
entropy = Math.ceil(entropy / 6) * 6 # non-6-multiple produces same-length base64
key = sjcl.bitArray.clamp(
sjcl.random.randomWords(Math.ceil(entropy / 32), 0), entropy )
return sjcl.codec.base64.fromBits(key, 0).replace(/\=+$/, '').replace(/\//, '-')
# Paste one dump and print URL, optionally prefixed with name # Paste one dump and print URL, optionally prefixed with name
paste_file = (content, name) -> paste_file = (content, name) ->
@@ -48,7 +64,7 @@ paste_file = (content, name) ->
content = sjcl.codec.base64.fromBits(content) content = sjcl.codec.base64.fromBits(content)
# content = lzw.compress(content) # content = lzw.compress(content)
key = sjcl.codec.base64.fromBits(sjcl.random.randomWords(8, 0), 0) key = generate_key(program.entropy)
content = sjcl.encrypt(key, content) content = sjcl.encrypt(key, content)
content = qs.stringify content = qs.stringify
content: content content: content
@@ -88,6 +104,22 @@ paste_file = (content, name) ->
req.end() req.end()
# Seed sjcl prng from /dev/(u)random
do (bytes=64) ->
for src in ['/dev/urandom', '/dev/random', null]
break if not src or fs.existsSync(src)
if not src
console.error( 'ERROR: Failed to seed PRNG -'\
+ ' /dev/(u)random is unavailable, relying only on sjcl entropy sources' )
return
fd = fs.openSync(src, 'r')
buff = new Buffer(bytes)
fs.readSync(fd, buff, 0, bytes)
fs.closeSync(fd)
sjcl.random.addEntropy(
(buff.readUInt32BE(n) for n in [0..bytes/4]), bytes * 8, src )
# Loop over file args or read stdin # Loop over file args or read stdin
if not program.args or not program.args.length if not program.args or not program.args.length
process.stdin.resume() process.stdin.resume()