Use ssh/terminal package for reading passwords directly from terminal

[govpn.git] / src / govpn / verifier.go

diff --git a/src/govpn/verifier.go b/src/govpn/verifier.go
index 779e949133c1da19907a88c8e7911d623f9a5aac..0dc9388188ad0e1f0c29eec611e7218cae32b687 100644 (file)
--- a/src/govpn/verifier.go
+++ b/src/govpn/verifier.go
@@ -29,6 +29,7 @@ import (
 
        "github.com/agl/ed25519"
        "github.com/magical/argon2"
+       "golang.org/x/crypto/ssh/terminal"
 )
 
 const (
@@ -58,7 +59,7 @@ func (v *Verifier) PasswordApply(password string) *[ed25519.PrivateKeySize]byte
        if err != nil {
                log.Fatalln("Unable to apply Argon2d", err)
        }
-       defer sliceZero(r)
+       defer SliceZero(r)
        src := bytes.NewBuffer(r)
        pub, prv, err := ed25519.GenerateKey(src)
        if err != nil {
@@ -117,11 +118,26 @@ func (v *Verifier) LongForm() string {
        )
 }
 
-// Read string from the file, trimming newline.
-func StringFromFile(path string) string {
-       s, err := ioutil.ReadFile(path)
+// Read the key either from text file (if path is specified), or
+// from the terminal.
+func KeyRead(path string) (string, error) {
+       var p []byte
+       var err error
+       var pass string
+       if path == "" {
+               fmt.Print("Passphrase:")
+               p, err = terminal.ReadPassword(0)
+               fmt.Print("\n")
+               pass = string(p)
+       } else {
+               p, err = ioutil.ReadFile(path)
+               pass = strings.TrimRight(string(p), "\n")
+       }
        if err != nil {
-               log.Fatalln("Can not read string from", path, err)
+               return "", err
+       }
+       if len(pass) == 0 {
+               return "", errors.New("Empty passphrase submitted")
        }
-       return strings.TrimRight(string(s), "\n")
+       return pass, err
 }