libsignify_rs/

utils.rs

//
// signify-rs: cryptographically sign and verify files
// lib/src/utils.rs: Utility functions
//
// Copyright (c) 2025, 2026 Ali Polatel <alip@chesswob.org>
// Based in part upon OpenBSD's signify which is:
//   Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
//   Copyright (c) 2016 Marc Espie <espie@openbsd.org>
//   Copyright (c) 2019 Adrian Perez de Castro <aperez@igalia.com>
//   Copyright (c) 2019 Scott Bennett and other contributors
//   SPDX-License-Identifier: ISC
//
// SPDX-License-Identifier: ISC

use std::path::Path;

use crate::error::{Error, Result};
use data_encoding::HEXLOWER;
use rpassword::prompt_password;
use std::fs::File;

use zeroize::Zeroizing;

#[cfg(any(target_os = "linux", target_os = "android"))]
use linux_keyutils::Key;

/// Read a password from the keyring or stdin.
///
/// Use `tty` to read from a specific TTY file handle (Unix only), or `stdin` if `None`.
///
/// # Errors
///
/// Returns `Error::Io` if reading fails.
pub fn read_password(
    prompt: &str,
    key_id: Option<i32>,
    _tty: Option<&File>,
) -> Result<Zeroizing<Vec<u8>>> {
    #[cfg(any(target_os = "linux", target_os = "android"))]
    if let Some(id) = key_id {
        // Only check session keyring if we have a key ID to look up.
        let key = Key::from_id(linux_keyutils::KeySerialId(id));

        // Read key payload directly into a Zeroizing buffer.
        // We allocate 1KB, read into it, and then truncate.
        // This avoids intermediate copies of the secret.
        // The buffer size is consistent with OpenBSD.
        let mut buf = Zeroizing::new(vec![0u8; 1024]);
        let len = key.read(&mut buf).map_err(Error::Keyring)?;

        if len > buf.len() {
            return Err(Error::InvalidKeyLength);
        }

        buf.truncate(len);
        return Ok(buf);
    }

    #[cfg(not(any(target_os = "linux", target_os = "android")))]
    if key_id.is_some() {
        return Err(Error::KeyringDisabled);
    }

    #[cfg(unix)]
    if let Some(tty) = _tty {
        return read_password_unix(prompt, tty);
    }

    // Fallback to prompt_password.
    let pass = prompt_password(prompt).map_err(|_e| Error::PasswordReadFailed)?;
    Ok(Zeroizing::new(pass.into_bytes()))
}

#[cfg(unix)]
fn read_password_unix<Fd: std::os::fd::AsFd>(prompt: &str, tty: Fd) -> Result<Zeroizing<Vec<u8>>> {
    use nix::errno::Errno;
    use nix::sys::termios::{tcgetattr, tcsetattr, LocalFlags, SetArg};
    use nix::unistd::{read, write};

    let oterm = tcgetattr(&tty)?;
    let mut nterm = oterm.clone();

    // Disable ECHO.
    nterm.local_flags.remove(LocalFlags::ECHO);
    // Ensure ECHONL is set so newline is echoed.
    nterm.local_flags.insert(LocalFlags::ECHONL);
    tcsetattr(&tty, SetArg::TCSANOW, &nterm)?;

    // Prompt.
    let mut nwrite = 0;
    let bytes = prompt.as_bytes();
    while nwrite < bytes.len() {
        match write(&tty, &bytes[nwrite..]) {
            Ok(n) => nwrite = nwrite.checked_add(n).ok_or(Error::Overflow)?,
            Err(Errno::EINTR) => {}
            Err(errno) => {
                // Restore terminal before returning error.
                let _ = tcsetattr(&tty, SetArg::TCSANOW, &oterm);
                return Err(errno.into());
            }
        }
    }

    // Read password byte-by-byte.
    let mut buf = Zeroizing::new([0u8; 1]);
    let mut pass = Zeroizing::new(Vec::with_capacity(128));
    loop {
        match read(tty.as_fd(), buf.as_mut()) {
            Ok(0) => break, // EOF
            Ok(_) => {
                let c = buf[0];
                if matches!(c, b'\n' | b'\r') {
                    break;
                }
                pass.push(c);
            }
            Err(Errno::EINTR) => {}
            Err(errno) => {
                // Restore terminal before returning error.
                let _ = tcsetattr(&tty, SetArg::TCSANOW, &oterm);
                return Err(errno.into());
            }
        }
    }

    // Restore terminal.
    let _ = tcsetattr(&tty, SetArg::TCSANOW, &oterm);

    Ok(pass)
}

/// Check password strength using zxcvbn (native) or password-strength (WASM).
///
/// Native: Requires zxcvbn score of 4 (strong) to pass.
/// WASM: Requires password-strength score >= 0.8 to pass.
///
/// # Errors
///
/// Returns `Error::InvalidPasswordUtf8` if password is not valid UTF-8.
/// Returns `Error::WeakPassword` with feedback if the password is too weak.
#[cfg(not(any(target_arch = "wasm32", target_arch = "wasm64")))]
pub fn check_password_strength(password: &[u8]) -> Result<()> {
    let password = std::str::from_utf8(password).or(Err(Error::InvalidPasswordUtf8))?;

    let entropy = zxcvbn::zxcvbn(password, &[]);
    if entropy.score() < zxcvbn::Score::Four {
        let feedback = entropy.feedback().map(|feedback| feedback.to_string());
        return Err(Error::WeakPassword(feedback));
    }

    Ok(())
}

/// Check password strength using password-strength crate (WASM version).
#[cfg(any(target_arch = "wasm32", target_arch = "wasm64"))]
pub fn check_password_strength(password: &[u8]) -> Result<()> {
    let password = std::str::from_utf8(password).or(Err(Error::InvalidPasswordUtf8))?;

    let strength = password_strength::estimate_strength(password);
    if strength < 0.8 {
        let feedback = if strength < 0.3 {
            Some("very weak - use a longer passphrase with mixed characters".to_string())
        } else if strength < 0.6 {
            Some("weak - add more characters and avoid common patterns".to_string())
        } else {
            Some("moderate - add uncommon words or symbols".to_string())
        };
        return Err(Error::WeakPassword(feedback));
    }

    Ok(())
}

/// Check that key file names result in the same base name and have correct extensions.
///
/// Returns the base name on success.
///
/// # Errors
///
/// Returns `Error::InvalidKeyName` if extensions don't match or basenames mismatch.
/// Returns `Error::InvalidPath` if paths are invalid UTF-8.
pub fn check_keyname_compliance(pubkey_path: Option<&Path>, seckey_path: &Path) -> Result<String> {
    if !seckey_path
        .extension()
        .is_some_and(|ext| ext.eq_ignore_ascii_case("sec"))
    {
        return Err(Error::InvalidKeyName);
    }

    let seckey_stem = seckey_path.file_stem().ok_or(Error::InvalidPath)?;

    if let Some(pk_path) = pubkey_path {
        if !pk_path
            .extension()
            .is_some_and(|ext| ext.eq_ignore_ascii_case("pub"))
        {
            return Err(Error::InvalidKeyName);
        }

        let pubkey_stem = pk_path.file_stem().ok_or(Error::InvalidPath)?;

        if seckey_stem != pubkey_stem {
            return Err(Error::InvalidKeyName);
        }
    }

    seckey_stem
        .to_str()
        .map(ToOwned::to_owned)
        .ok_or(Error::InvalidPath)
}

/// Logs an untrusted buffer, escaping it as hex if it contains control characters.
pub fn log_untrusted_buf(buf: &[u8]) -> String {
    if contains_ascii_unprintable(buf) {
        HEXLOWER.encode(buf)
    } else if let Ok(s) = std::str::from_utf8(buf) {
        s.to_string()
    } else {
        HEXLOWER.encode(buf)
    }
}

// Checks if the buffer contains ASCII unprintable characters.
fn contains_ascii_unprintable(buf: &[u8]) -> bool {
    buf.iter().any(|byte| !is_ascii_printable(*byte))
}

// Checks if the given character is ASCII printable.
fn is_ascii_printable(byte: u8) -> bool {
    (0x20..=0x7e).contains(&byte)
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::path::PathBuf;

    #[test]
    fn test_compliance_seckey_only() -> std::result::Result<(), Box<dyn std::error::Error>> {
        let sec = PathBuf::from("test.sec");
        assert_eq!(check_keyname_compliance(None, &sec)?, "test");

        let sec = PathBuf::from("foo/bar/baz.sec");
        assert_eq!(check_keyname_compliance(None, &sec)?, "baz");
        Ok(())
    }

    #[test]
    fn test_compliance_invalid_seckey() {
        let sec = PathBuf::from("test.key");
        check_keyname_compliance(None, &sec).unwrap_err();

        let sec = PathBuf::from("test");
        check_keyname_compliance(None, &sec).unwrap_err();
    }

    #[test]
    fn test_compliance_pair_match() -> std::result::Result<(), Box<dyn std::error::Error>> {
        let sec = PathBuf::from("test.sec");
        let pubk = PathBuf::from("test.pub");
        assert_eq!(check_keyname_compliance(Some(&pubk), &sec)?, "test");
        Ok(())
    }

    #[test]
    fn test_compliance_pair_mismatch() {
        let sec = PathBuf::from("test.sec");
        let pubk = PathBuf::from("other.pub");
        check_keyname_compliance(Some(&pubk), &sec).unwrap_err();
    }

    #[test]
    fn test_compliance_invalid_pubkey() {
        let sec = PathBuf::from("test.sec");
        let pubk = PathBuf::from("test.key");
        check_keyname_compliance(Some(&pubk), &sec).unwrap_err();
    }

    #[test]
    fn test_compliance_invalid_path() {
        let sec = PathBuf::from("foo/bar/..");
        assert!(matches!(
            check_keyname_compliance(None, &sec),
            Err(Error::InvalidKeyName) | Err(Error::InvalidPath)
        ));
    }

    #[test]
    fn test_log_untrusted_buf() {
        let buf = b"hello\x00world";
        assert_eq!(log_untrusted_buf(buf), "68656c6c6f00776f726c64");

        let buf = b"hello world";
        assert_eq!(log_untrusted_buf(buf), "hello world");
    }

    #[test]
    fn test_password_strength_invalid_utf8() {
        let password = b"\xff\xfe";
        assert!(matches!(
            check_password_strength(password),
            Err(Error::InvalidPasswordUtf8)
        ));
    }

    #[test]
    fn test_password_strength_weak() {
        let password = b"sekrit";
        assert!(matches!(
            check_password_strength(password),
            Err(Error::WeakPassword(_))
        ));
    }

    #[test]
    fn test_password_strength_strong() {
        let password = b"Shine-On-You-Crazy-Diamond-1975!";
        assert!(check_password_strength(password).is_ok());
    }
}