#!/usr/bin/perl
#
# singlepass 3.2
#
# Copyright 2012-2025
# Paul E. Jones <paulej@packetizer.com>
# All Rights Reserved
#
# This script will generate PINs and passwords given a Single Pass password
# and a Service Name.  You can pass your password or service name in
# via the command-line like this (the brackets indicate the parameter
# is optional):
#
#   singlepass [-o <password|pin>] -p <password> -s <service_name>
#
# If any required parameter is not provided, then you will be prompted.
#

use strict;
use utf8;
use Getopt::Long;
use IO::Prompt;
use Digest::SHA qw(hmac_sha256 sha256);

sub usage()
{
    print "usage: singlepass [-o <password|pin>] -p <password> -s <service_name>\n";
}

#
# ComputeIndexedHash
#
# This function will return a string of characters indexed from the
# character array "index_chars" given the input string and character set
# length.  Note the character set length must not be greater than
# the length of the index_chars array (62).
#
sub ComputeIndexedHash
{
    my ($input_string, $char_set_length) = @_;

    my ($indexed_hash,
        $digest);
    my @index_chars = (
        '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd',
        'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r',
        's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F',
        'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
        'U', 'V', 'W', 'X', 'Y', 'Z'
    );

    if ($char_set_length < 1 || $char_set_length > $#index_chars+1)
    {
        die "ComputeIndexedHash() given invalid length: $char_set_length\n";
    }

    # Get the SHA-256 hash of the input string
    $digest = sha256($input_string);

    # Produce a 16-character hashed index using the hash bytes
    $indexed_hash = "";
    for(my $i=0; $i < 16; $i++)
    {
        my $j = unpack("C", substr($digest, $i, 1));
        $indexed_hash .= $index_chars[$j % $char_set_length];
    }

    return $indexed_hash;
}

#
# MAIN
#
{
    my ($output_type,
        $single_password,
        $service_name,
        $service_password,
        $service_pin,
        $help);

    # Ensure we input UTF-8
    binmode(STDIN, ":encoding(UTF-8)");

    # Check for command-line parameters
    GetOptions("password|p=s" => \$single_password,
               "service|s=s" => \$service_name,
               "output|o=s" => \$output_type,
               "help|\?" => \$help)
    or die("Invalid command line arguments\n");

    if ($help)
    {
        usage();
        exit(0);
    }

    if (length($output_type) > 0 &&
        ($output_type ne "password" && $output_type ne "pin"))
    {
        die "Invalid output type\n";
    }

    # Prompt for password and service name if not provided
    if (length($single_password) == 0)
    {
        $single_password = prompt("Single Password: ", -e => "*");
    }
    else
    {
        utf8::decode($single_password);
    }
    if (length($service_name) == 0)
    {
        $service_name = prompt("Service Name: ");
    }
    else
    {
        utf8::decode($service_name);
    }

    # Check for a valid password and service name
    if ((length($single_password) == 0) || (length($service_name) == 0))
    {
        die "Invalid input provided\n";
    }

    # Compute the service password
    my $password_input = $single_password . ":" . $service_name;
    utf8::encode($password_input);
    $service_password = ComputeIndexedHash($password_input, 62);

    # Compute the service PIN
    my $pin_input = $single_password . ":PIN:" . $service_name;
    utf8::encode($pin_input);
    $service_pin = substr(ComputeIndexedHash($pin_input, 10), 0, 6);

    # Show the results
    if (length($output_type) > 0)
    {
        if ($output_type eq "password")
        {
            print "$service_password";
        }
        else
        {
            print "$service_pin";
        }
    }
    else
    {
        print "Service Password: $service_password\n";
        print "     Service PIN: $service_pin\n";
    }
}